#7
5th March 2011
roarde
Real Name: Robert
New User
 
Join Date: Dec 2010
Location: Georgia, US
Posts: 7

Net(etc)BSD is right to have non-installation of vulnerable packages as the default. This can be overridden on a per-package basis, or generally. The information to evaluate the risk to a given system is there.

It's possible, and probably not too hard, to script automatic acceptance of packages with certain vulnerabilities and not others. If someone would set it up and make it available on a separate basis that'd be great. But it shouldn't be part of a BSD or its packages or ports system; just "well known" among the community.

As for blocking many of the potential attacks at a system interface level, I suppose it's possible for much of this; but that would be even more annoying, hard to implement and maintain, and less transparent. Often the reason for a particular application's problems would be in this layer, but near-impossible to find.
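A sketch of the kind of script the post describes, added here as an example and not part of the original post or of any BSD's package tools. It assumes audit findings arrive one per line in the form `Package <name-version> has a <type> vulnerability, see <url>` (modeled on pkgsrc's `pkg_admin audit` output); the accepted-type list, package names and URLs are constructed.

```shell
#!/bin/sh
# Hypothetical site policy: vulnerability types this host is willing to tolerate.
ACCEPTED_TYPES="denial-of-service local-file-read"

# Constructed sample findings in the assumed audit line format.
sample_audit() {
    cat <<'EOF'
Package alpha-1.2 has a denial-of-service vulnerability, see https://example.org/adv/1
Package beta-2.0 has a denial-of-service vulnerability, see https://example.org/adv/2
Package beta-2.0 has a remote-code-execution vulnerability, see https://example.org/adv/3
Package alpha-1.2 has a local-file-read vulnerability, see https://example.org/adv/4
Package gamma-0.9 has a privilege-escalation vulnerability, see https://example.org/adv/5
EOF
}

# classify_audit: read findings on stdin and print one verdict per package.
# A package is accepted only if every one of its findings has an accepted type.
# Any non-blank line that does not parse makes the function exit 2 (fail closed).
classify_audit() {
    awk -v accepted="$ACCEPTED_TYPES" '
    BEGIN {
        n = split(accepted, list, " ")
        for (i = 1; i <= n; i++) ok[list[i]] = 1
    }
    $1 == "Package" && $3 == "has" && ($4 == "a" || $4 == "an") && NF >= 6 {
        pkg = $2; type = $5
        if (!(pkg in seen)) { seen[pkg] = 1; order[++count] = pkg }
        if (!(type in ok)) bad[pkg] = 1
        next
    }
    NF { unparsed = 1 }    # unknown line: do not guess
    END {
        for (i = 1; i <= count; i++) {
            verdict = (order[i] in bad) ? "reject" : "accept"
            print verdict, order[i]
        }
        if (unparsed) exit 2
    }'
}

# Print the verdicts for the constructed sample.
sample_audit | classify_audit
```

The verdict list is only a decision aid: applying it still goes through the package system's own per-package override, so the default of refusing vulnerable packages stays in place.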