So many formats, So few packages

Jeff Johnson n3npq at mac.com
Thu Apr 7 13:03:08 PDT 2011


On Apr 7, 2011, at 3:50 PM, Jordan K. Hubbard wrote:

> 
> If you really care about security then you'll accept that we simply cannot trust software, regardless of its delivery vehicle, and the real action is in damage limitation.  Assuming that everything that runs as my uid is "OK" is simply a busted model since all applications are simply not created equal, regardless of whether or not it's me running them.  To put it another way, the application's UUID is the new uid.  It should be able to screw itself but nothing else, just as a user on a unix system can currently screw themselves but not other users (assuming all the permissions are correct of course).
> 

Speaking of UUID's ...

Does MacPorts have a well-defined and documented means of attaching the "new uid's" to
ports?

Its quite simple actually ... even if you get it wrong, UUID's are just random
bit soup used as an identifier.

So is MacPorts prepared to commit to a UUID based identification scheme for ports?

73 de Jeff



More information about the macports-dev mailing list