http://bugzilla.novell.com/show_bug.cgi?id=560903
http://bugzilla.novell.com/show_bug.cgi?id=560903#c7
Anna Bernathova changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |anicka@novell.com
Info Provider|anicka@novell.com |meissner@novell.com
--- Comment #7 from Anna Bernathova 2009-12-09 13:58:17 UTC ---
Well, compiling sshd like we are doing it now is a little more secure: If you
compile it, you can be quite sure that only right copies of external binaries
(they are used ie. for colection of entropy and some more things) are chosen
for using.
Adding /usr/local/bin is not likely to do any harm for our builds. But our
users could more easily unintentionally rebuild the package with wrong binaries
and make their system insecure. I do not know whether it is a problem for us or
not, it is a matter of policy.
So maybe we should ask what does security team think about it. Marcus?
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.