[PC-BSD Dev] PC-BSD
kris at pcbsd.com
Mon Oct 20 11:30:00 PDT 2008
> Kris Moore пишет:
>> A.Y. wrote:
>>> Hey Kris!
>>> Is there will be any dev-talks about PC-BSD taska and plans?
>>> Can we make a little meeting someday?
>> Sure, we just need to schedule one :)
>> Or we can discuss on the -dev list, as well. Did you have some specific
>> ides to implement now?
> Hello all! I'd like to know when will be our next dev-meeting and idea
> brainstorming, what current tasks, what could I take.
> And PBI-security is disturbing me, something have to be done :)
Well, I did look over your proposals for changing PBI to not require a
root password, but I don't really see a huge benefit in security /
flexibility in doing so at this time. Right now when a user installs a
PBI, and gets prompted for a root PW, it's just as secure as any other
package management system. I.E. if you download a FreeBSD .tbz package,
you have to install it with root as well, and that could potentially be
compromised in the same way, if you downloaded a malicious package. Same
with RPM, .EXE, DEB, etc.
What it really boils down to is that a user needs to exhibit some common
sense in installing software, and not grab a file from
freestuff.warze-serve.freehost.ru that they may not know about :) Same
with any other package management system, the user needs to not install
from an untrusted source.
The thing is, even if we created some sort of system which allows PBI to
only create links with sudo, there are enough various programs which
need more access than that, and would require using a root password
again. (Qemu is a good example)
As for having a dev meeting, we could discuss here any new ideas we may
wish to kick around, or jump on IRC at any time. I'm fine with both.
More information about the Dev