/usr/portsnap vs. /var/db/portsnap
Colin Percival
cperciva at freebsd.org
Mon Aug 8 19:54:23 GMT 2005
Stijn Hoop wrote:
> On Sun, Aug 07, 2005 at 09:11:31AM -0700, Colin Percival wrote:
>>Two reasons come to mind: First, the portsnap chain of security starts
>>with running cvsup to cvsup-master through a tunnel to freefall... a
>>non-committer wouldn't be able to do that.
>
> OK, I'm still arguing in the hypothetical case, but why is it insecure
> then to redistribute a copy of a portsnap'd ports tree + local patches?
Hmm. I didn't think of that option. I guess it would be ok, as long as
the machine which was doing the repackaging was kept secure.
Colin Percival
More information about the freebsd-arch
mailing list