> But if we don't want to allow 'pkg_add pptp' to enable
> an insecure protocol, why do we want to allow executing
> pptp to do so?
> 
> Isn't the idea to have the user _manually_ turn a knob
> if that knob makes the system more insecure?

This is rather simple to break apart.

installing a package does not mean you are going to use it.

adding another knob that people don't know on another system
makes it more difficult to use OpenBSD.

there is an obvious middle ground.  starting an application
means you want to use it, so THAT is the moment when the permission
should be changed.

it is not like it is securelevel locked or some such thing.
