joshua stein wrote: > We don't recommend FTP mirrors anymore, installing a package via a > pipe doesn't seem to work anymore, and packages have to be signed to > be installed so the advice about miscreants is not very relevant.
Good catch with the FTP link. I think it's still worth mentioning that you put trust in the packages you install. Although the package tarballs themselves are now signed (by default), the porter or software author could still try to slip something in. > Index: pkg_add.1 > =================================================================== > RCS file: /var/cvsync/src/usr.sbin/pkg_add/pkg_add.1,v > retrieving revision 1.134 > diff -u -p -u -p -r1.134 pkg_add.1 > --- pkg_add.1 4 Nov 2015 16:59:58 -0000 1.134 > +++ pkg_add.1 20 Jan 2016 21:06:53 -0000 > @@ -198,41 +198,6 @@ dependencies with the list of packages l > user's opinion in interactive mode, > then install default packages that satisfy the dependencies. > .Pp > -Alternatively, it is possible to add packages interactively from within the > -.Xr ftp 1 > -client, > -in which case setting > -.Ev PKG_PATH > -correctly will be necessary for any dependency to be found out and retrieved > -the same way. > -For example, the following works: > -.Bd -literal -offset indent > -$ ftp ftp://ftp.openbsd.org/pub/OpenBSD/2.7/packages/i386/ > -250 CWD command successful > -ftp> ls m* > -227 Entering Passive Mode (129,128,5,191,164,73) > -150 Opening ASCII mode data connection for m*. > -m4-1.4.tgz > -metamail-2.7.tgz > -mh-6.8.4.tgz > -mm-1.0.12.tgz > -mpeg_lib-1.2.1.tgz > -mpeg_play-2.4.tgz > -mpg123-0.59q.tgz > -mutt-0.95.7i.tgz > -226 Transfer complete. > -ftp> get m4-1.4.tgz "|pkg_add -v -" > -.Ed > -.Pp > -.Sy Warning: > -Since the > -.Nm > -command may execute scripts or programs contained within a package file, > -your system may be susceptible to > -.Dq trojan horses > -or other subtle attacks from miscreants who create dangerous packages. > -Be sure the specified package(s) are from trusted sources. > -.Pp > The options are as follows: > .Bl -tag -width keyword > .It Fl A Ar arch >
