On Sun, Jul 13, 2014 at 03:26:23PM -0400, Daniel Dickman wrote: > On Fri, Jul 11, 2014 at 9:10 PM, Paul Irofti <[email protected]> wrote: > > On Fri, Jul 11, 2014 at 01:35:54PM -0600, Daniel Dickman wrote: > >> CVSROOT: /cvs > >> Module name: src > >> Changes by: [email protected] 2014/07/11 13:35:54 > >> > >> Modified files: > >> gnu/usr.bin/lynx: Makefile.bsd-wrapper > >> > >> Log message: > >> start reducing the attack surface of lynx. > >> > >> leave gopher, news, and dired in place for now. but we will soon catch up > >> to the security level of internet explorer 7 by removing these too. > > > > Can you prove your statements? Or have you already integrated into the > > OpenBSD subgroup that throws poo at other open-source projects just > > because it's the cool thing to do? > > > > Paul, I'm sorry to have been unclear but you've misunderstood my > commit message. This was not directed at lynx at all. I made a change > in a local OpenBSD file and not anything to do with mainline lynx (the > change was to Makefile.bsd-wrapper). > > I'm saying that we should do what Microsoft realized early on is good > security practice and turn off protocols to reduce the attack surface. > I'm only talking about the local version bundled on openbsd and not > directing any comments at main-line lynx; a browser I use regularly. > > frankly i'm surprised how much people have been complaining about this > change. if you want full lynx, please submit a port. pretty much no > one has even realized that i've updated lynx to 2.8.8rel2. that is > surely a much bigger change than to disable a few protocols. have > people noticed any changes in behaviour from that massive update? > where are the complaints from the update? i guess no one is actually > really testing lynx...
Okay, it was perhaps a missunderstanding on my part and I'm sorry for that. I'm glad that you did not direct that at the lynx project and its developers. I am okay with disabling gopher and the other protocols if that's the general consensus (which seems to be). So please don't let me hold you back on that. Keep up the good work on maintaining our local lynx!
