The prevailing paradigm is that a package install requires an affirming
action in rc.conf. Neither "man pkg-add" nor "pkg-install" explicitly
states that an installed package will do other than perform installation
and updating steps.  At best, it is implied that installation scripts
are run by the existence of -I which prevents installation scripts from
running in both (pkg add, pkg install), but this is to *perform* an
installation.

It must be noted that the porter's handbook states unambiguously that

"Important:
This script [Ed: during pkg add, pkg install] is here to help you set up
the package so that it is as ready to use as possible. It must not be
abused to start services, stop services, or run any other commands that
will modify the currently running system."
Ref:
https://docs.freebsd.org/en_US.ISO8859-1/books/porters-handbook/pkg-install.html

I'd suggest that the man pages be updated to explicitly align with
the porter's handbook, as installation does not imply consent to execute.

Stefan,
I've been involved in quite a few privacy breaches (from a server
perspective) so I appreciate the elevated level of concern. I'd suggest
that you review
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02016R0679-20160504&qid=1532348683434
as the GDPR relates to natural persons and data pertaining to them.

The transmission of data pertaining to applications and their versions
may be a security risk, but it isn't a breach against a natural person's
privacy.

However, as a data controller you may have an obligation IF you have
installed bsdstats onto individual workstations/PCs, as I suspect that
this falls under the personal data related to an individual, hence
subject to data protection rules.

To avoid unnecessary disclosure, as I see no reason to share information
with hacking entities, I'm sharing my /etc/periodic.conf:
monthly_statistics_enable="YES"
monthly_statistics_report_devices="YES"
monthly_statistics_report_ports="NO"

Kind regards, Dewayne

_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
