Re: cvs commit: ports/multimedia/xine Makefile

From: Jacques A. Vidrine (nectar_at_FreeBSD.org)
Date: 03/31/04

Previous message: Joe Marcus Clarke: "Re: cvs commit: ports/multimedia/xine Makefile"
In reply to: Oliver Eikemeier: "Re: cvs commit: ports/multimedia/xine Makefile"
Next in thread: Jacques A. Vidrine: "Re: cvs commit: ports/multimedia/xine Makefile"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 31 Mar 2004 10:53:01 -0600
To: Oliver Eikemeier <eikemeier@fillmore-labs.com>

On Tue, Mar 30, 2004 at 06:06:33PM +0200, Oliver Eikemeier wrote:
> Jacques A. Vidrine wrote:
>
> >[...]
> >In that fashion, users have a choice of security policy.
>
> Could you elaborate a bit what you mean with `choice of
> security policy'? Which different security policies are
> there to choose from?

Sure. Here are several invented security policies:

(a) Do not install ports that have been marked FORBIDDEN.
(This is the current de facto security policy.)

(b) Do not install ports that have been entered into the VuXML
     document, and warn me of any of those that are already
     installed.
     (portaudit implements this policy)

(c) Except for issues that I've marked ignore, do not install/warn me
about ports that have been entered into the VuXML document.
(My favorite policy.)

(d) Shutdown if any ports are installed that are listed in the
VuXML document.
(I'm just being silly.)

(e) Do not install ports with MAINTAINER=idiot@FreeBSD.org, and warn
me of any of those that are already installed.
(I'm just being silly.)

(f) Someone could potentially maintain an adjunct database that lists
just ``serious'' (by that person's definition of ``serious'')
issues by VuXML ID. Do not install ports in that adjunct database.

Hmm. Scenario (f) is essentially what you get when one adds

FORBIDDEN= http://vuxml.freebsd.org/...vid...html

to a port Makefile. As we've agreed before, ``FORBIDDEN'' is an
explicity severity indicator.

Other than selecting a default policy, we don't have to choose only
a single one of these, but only provide tools for implementing such
policies.

Cheers,

-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Previous message: Joe Marcus Clarke: "Re: cvs commit: ports/multimedia/xine Makefile"
In reply to: Oliver Eikemeier: "Re: cvs commit: ports/multimedia/xine Makefile"
Next in thread: Jacques A. Vidrine: "Re: cvs commit: ports/multimedia/xine Makefile"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Administrative Rights Lost on DC
... While implementing security policies on a domain and the domain controller, ... One other example of a problem I am having is the TS logon as administrator. ... The security policy shows that the "Deny Logon Interactively through ...
(microsoft.public.windows.server.active_directory)
RE: Security policies - few questions!
... Security policies - few questions! ... |Security policy or Acceptable Usage Policy, ... |users on central server with regular backups. ... near the level of the drug industry but we do have a little industrial ...
(Security-Basics)
Re: p2p blocking
... >>> senior management weren't interested. ... >>It is all supposed to start with a security policy that states in no ... and that's what sucks about most security policies. ... The computer lead admin needs to be almost equal ...
(comp.security.firewalls)
Re: Basic Security Policy
... In my opinion a good security policy starts with the following ... happen to like security policies an awful lot. ... > the first thing I need to do is define a Network Security Policy that we ... > Internet Security Engineer ...
(Security-Basics)