On 2015-11-22, "trondd" <tro...@kagu-tsuchi.com> wrote: > I haven't seen much discussion about applying pledge to ports, so I > thought I'd > find out how people feel about it.
Reluctant. Very reluctant. You may remember that by and large we stopped adding strl* patches to ports, because they become a maintenance burden when not accepted upstream and there is a real risk of introducing bugs. I am very worried about people sprinkling pledge() over ports with the result that programs die with pledge violations when a user runs the program slightly differently than the maintainer. We have added pledge() to a few popular decompressors because these are a potential attack vector against the package building machines, and it took sthen@ and me three attempts to get right an ostensibly simple program like xz. -- Christian "naddy" Weisgerber na...@mips.inka.de
