[prev in list] [next in list] [prev in thread] [next in thread] 

List:       macports-dev
Subject:    Re: Homebrew hacked
From:       Dave Horsfall <dave () horsfall ! org>
Date:       2018-08-09 9:54:49
Message-ID: alpine.BSF.2.21.9999.1808091930580.19950 () aneurin ! horsfall ! org
[Download RAW message or body]

On Wed, 8 Aug 2018, Daniel J. Luke wrote:

[ Need for a security officer ]

> Volunteer project ... I don't think anyone has volunteered to wear that 
> hat.

Then may I suggest that you make it a high priority to find someone?

Don't look at me, because I only joined this list recently with the 
delusion of becoming a MacPorts developer some time, and I don't believe 
that I have the experience for that job.

In the meantime, I know Perry from another mailing list (he might remember 
my occasional postings) and believe me, if he recommends that a security 
officer is needed then someone ought to pay attention to him.

> (a long time ago, I was on a bunch of security-announce mailing lists 
> and made sure to follow-up on any ports that looked like they needed 
> patching, but I don't have free time to do that no - and the number of 
> ports we have is /much/ larger).

I've been on a number of security lists for many years, and although I 
have the time (being retired) I simply don't have the expertise (I have 
enough trouble coping with MacPorts at a user level from time to time), so 
I should not be allowed anywhere near the system if you get my drift...

Sorry, but I can't help but compare MacPorts with FreeBSD-ports (I use 
both regularly, and every week I do a "sudo apt-get update" on the Penguin 
box (I use it to see what they've broken this time on software that I 
develop for the Mac and FreeBSD); they achieve the same end but via 
completely different means, and I see no reason why they should not learn 
from each other (somehow).

-- Dave
[prev in list] [next in list] [prev in thread] [next in thread]