Re: Request to review: print/texlive-install

2012-05-29 Thread Hiroki Sato
Chris Rees cr...@freebsd.org wrote in CADLo8380zGtCETzGrKzMrD_3Fwm2bZOMpEFLupaD_=mpu5k...@mail.gmail.com: On 28 May 2012 18:11, Stephen Montgomery-Smith step...@missouri.edu wrote: On 05/28/2012 11:35 AM, Gábor Kövesdán wrote: On 2012.05.28. 18:16, Stephen Montgomery-Smith wrote:

Re: Request to review: print/texlive-install

2012-05-28 Thread Stephen Montgomery-Smith
On 05/27/2012 09:19 PM, Eitan Adler wrote: On 27 May 2012 18:14, Stephen Montgomery-Smith step...@missouri.edu wrote: There are a number of issues. In particular there is no checksum calculated for install-tl-unx.tar.gz because I suspect that it changes very often. This is a security risk

Re: Request to review: print/texlive-install

2012-05-28 Thread Stephen Montgomery-Smith
On 05/27/2012 08:48 PM, Nikola Lečić wrote: On Sun, 27 May 2012 20:32:14 -0500, Stephen Montgomery-Smith wrote: Hi People, I have written a simple port which is in essence a wrapper around the texlive installation script. It also builds (almost) all of the binaries from scratch. Does anyone

Re: Request to review: print/texlive-install

2012-05-28 Thread Stephen Montgomery-Smith
On 05/27/2012 09:19 PM, Eitan Adler wrote: On 27 May 2012 18:14, Stephen Montgomery-Smith step...@missouri.edu wrote: There are a number of issues. In particular there is no checksum calculated for install-tl-unx.tar.gz because I suspect that it changes very often. This is a security risk

Re: Request to review: print/texlive-install

2012-05-28 Thread Michael Scheidell
On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote: How about if I add lines like this: .if !defined(IGNORE_SECURITY_RISK) IGNORE= has a security risk because it downloads a file \ without a checksum. Define IGNORE_SECURITY_RISK to build this port .endif Would it be considered OK

Re: Request to review: print/texlive-install

2012-05-28 Thread Nikola Lečić
On Mon, 28 May 2012 09:06:18 -0500, Stephen Montgomery-Smith wrote: 2. fontconfig is a run dependency as well, xetex needs it to run. Thanks. What about perl - is that a run dependency as well? Yes, it is, install-tl and tlmgr are perl scripts. 3. TeX Live ships with its own portable

Re: Request to review: print/texlive-install

2012-05-28 Thread Stephen Montgomery-Smith
On 05/28/2012 10:47 AM, Michael Scheidell wrote: On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote: How about if I add lines like this: .if !defined(IGNORE_SECURITY_RISK) IGNORE= has a security risk because it downloads a file \ without a checksum. Define IGNORE_SECURITY_RISK to build

Re: Request to review: print/texlive-install

2012-05-28 Thread Gábor Kövesdán
On 2012.05.28. 18:16, Stephen Montgomery-Smith wrote: On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote: How about if I add lines like this: .if !defined(IGNORE_SECURITY_RISK) IGNORE= has a security risk because it downloads a file \ without a checksum. Define IGNORE_SECURITY_RISK to

Re: Request to review: print/texlive-install

2012-05-28 Thread Chris Rees
On May 28, 2012 5:23 PM, Stephen Montgomery-Smith step...@missouri.edu wrote: On 05/28/2012 10:47 AM, Michael Scheidell wrote: On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote: How about if I add lines like this: .if !defined(IGNORE_SECURITY_RISK) IGNORE= has a security risk because

Re: Request to review: print/texlive-install

2012-05-28 Thread Jason Helfman
On 05/27/2012 09:19 PM, Eitan Adler wrote: On 27 May 2012 18:14, Stephen Montgomery-Smith step...@missouri.edu wrote: There are a number of issues. In particular there is no checksum calculated for install-tl-unx.tar.gz because I suspect that it changes very often. This is a security risk

Re: Request to review: print/texlive-install

2012-05-28 Thread Stephen Montgomery-Smith
On 05/28/2012 10:44 AM, Nikola Lečić wrote: On Mon, 28 May 2012 09:06:18 -0500, Stephen Montgomery-Smith wrote: 2. fontconfig is a run dependency as well, xetex needs it to run. Thanks. What about perl - is that a run dependency as well? Yes, it is, install-tl and tlmgr are perl scripts.

Re: Request to review: print/texlive-install

2012-05-28 Thread Stephen Montgomery-Smith
On 05/28/2012 11:29 AM, Jason Helfman wrote: On 05/27/2012 09:19 PM, Eitan Adler wrote: On 27 May 2012 18:14, Stephen Montgomery-Smith step...@missouri.edu wrote: There are a number of issues. In particular there is no checksum calculated for install-tl-unx.tar.gz because I suspect that it

Re: Request to review: print/texlive-install

2012-05-28 Thread Stephen Montgomery-Smith
On 05/28/2012 12:31 PM, Chris Rees wrote: On 28 May 2012 18:11, Stephen Montgomery-Smith step...@missouri.edu wrote: On 05/28/2012 11:35 AM, Gábor Kövesdán wrote: On 2012.05.28. 18:16, Stephen Montgomery-Smith wrote: On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote: How about if I

Re: Request to review: print/texlive-install

2012-05-28 Thread Nikola Lečić
On Mon, 28 May 2012 11:53:29 -0500, Stephen Montgomery-Smith wrote: [...] This looks non-trivial. Simply setting the setuid bit on the tlmgr script doesn't work, because it is a perl script. One way would be to write a wrapper. But I would recommend the port security/super which allows you

Re: Request to review: print/texlive-install

2012-05-28 Thread Doug Barton
On 5/28/2012 9:35 AM, Gábor Kövesdán wrote: Better to host it on the FreeBSD mirrors. The more we can diversify out to other sites, the better. It's fine to have the FreeBSD mirrors as a last resort, but they shouldn't be the first choice. Doug -- This .signature sanitized for your

Re: Request to review: print/texlive-install

2012-05-27 Thread Nikola Lečić
On Sun, 27 May 2012 20:32:14 -0500, Stephen Montgomery-Smith wrote: Hi People, I have written a simple port which is in essence a wrapper around the texlive installation script. It also builds (almost) all of the binaries from scratch. Does anyone have any suggestions? Would anyone mind if

Re: Request to review: print/texlive-install

2012-05-27 Thread Eitan Adler
On 27 May 2012 18:14, Stephen Montgomery-Smith step...@missouri.edu wrote: There are a number of issues. In particular there is no checksum calculated for install-tl-unx.tar.gz because I suspect that it changes very often. This is a security risk and must not be committed as is. -- Eitan