> Stefan Sperling <[EMAIL PROTECTED]> wrote: > > > This patch has been sitting on the list for a month now. > > Can someone please commit this? > > Theo has requested that pptp should not set net.inet.gre.allow=1 > when the package is installed, but only when the program is run, > i.e., add corresponding sysctl(3) calls to pptp proper.
This same idea should apply to other packages. When you install a package on a machine, it should not open a gaping hole in the machine. Once you configure it, or run it, then it can do what it needs. But doing a pkg_add *.tgz should not generate a less secure configuration of a machine. That is just clearly wrong.