Kris Moore kris at pcbsd.com
Mon Oct 20 11:30:00 PDT 2008

A.Yerenkow wrote:
> Kris Moore wrote:
>> A.Y. wrote:
>>> Hey Kris!
>>> Will there be any dev-talks about PC-BSD tasks and plans?
>>> Can we make a little meeting someday?
>> Sure, we just need to schedule one :)
>> Or we can discuss on the -dev list, as well. Did you have some specific
>> ideas to implement now?
> Hello all! I'd like to know when our next dev-meeting and idea
> brainstorming will be, what the current tasks are, and what I could take.
> And PBI-security is disturbing me, something has to be done :)

Well, I did look over your proposals for changing PBI to not require a 
root password, but I don't really see a huge benefit in security / 
flexibility in doing so at this time. Right now when a user installs a 
PBI, and gets prompted for a root PW, it's just as secure as any other 
package management system. I.E. if you download a FreeBSD .tbz package, 
you have to install it with root as well, and that could potentially be 
compromised in the same way, if you downloaded a malicious package. Same 
with RPM, .EXE, DEB, etc.

What it really boils down to is that a user needs to exhibit some common 
sense in installing software, and not grab a file from 
freestuff.warze-serve.freehost.ru that they may not know about :) Same 
with any other package management system, the user needs to not install 
from an untrusted source.

The thing is, even if we created some sort of system which allows PBI to 
only create links with sudo, there are enough various programs which 
need more access than that, and would require using a root password 
again. (Qemu is a good example)

As for having a dev meeting, we could discuss here any new ideas we may 
wish to kick around, or jump on IRC at any time. I'm fine with both.


Kris Moore
PC-BSD Software
