Created attachment 161173 [details] Patch for [1] - Fix build from plain user; don'r set set[ug]id bits from install, set them via plist [1] - Plist should be revisited: only directories/files which are intended to be modified by ecartis process should be owned by ecartis:ecartis. Otherwise it's a security problem.
Approved by maintainer.
A commit references this bug: Author: amdmi3 Date: Thu Oct 1 17:31:34 UTC 2015 New revision: 398374 URL: https://svnweb.freebsd.org/changeset/ports/398374 Log: - Fix build from plain user; don'r set set[ug]id bits from install, set them via plist PR: 203198 Submitted by: amdmi3 Approved by: jtrigg@ecartis.net (maintainer) Changes: head/mail/ecartis/files/patch-Makefile head/mail/ecartis/pkg-plist
Patch committed, but you still need to fix plist: only directories or files which need to be writable should be owned by ecartis.
Any news on this?
Yes, the entire /usr/local/ecartis directory structure needs to be owned by the ecartis user as ecartis is currently written. It is a matter for upstream (which I also am, but this is significantly lower on the priority list than some other issues).