Retiring portsnap [was MITM attacks against portsnap and freebsd-update]

[Bryan Drewery]

On 2014-04-11 15:23, David Noel wrote:
>>> If you look at the portsnap build code you'll see that the first
>>> thing portsnap does is pull the ports tree from Subversion. It uses
>>> the URL svn://svn.freebsd.org/ports. By not using ssl or svn+ssh
>>> the entire ports archive is exposed to corruption right from the
>>> start.
>> 
>> Just to clarify -- this is not entirely true.  I have double checked
>> and confirmed that the snapshot builder of portsnap at FreeBSD.org
>> uses svn over spiped transport.
>> 
>> The configuration on svn do not necessarily reflect what's running in
>> production (however you brought a very good point that it's a good
>> idea to bring them public assuming there is no sensitive information
>> in them so anyone can review them).
> 
> Thanks for checking on that. I don't have production access so I could
> only assume that what was in /user/cperciva/portsnap-build was what we
> were running. I'm surprised to find out that it's not.
> 
> My main point was that if you don't trust Subversion it makes no sense
> to say you trust portsnap. Portsnap pulls the ports tree from
> Subversion. Using Subversion! The portsnap system relies on the trust
> of both svnadmin and svn. Just as it does when you run svn co and svn
> up. If you say you don't trust Subversion, essentially what you're
> saying is that you don't trust anything running on your computer.
> 
>> you brought a very good point that it's a good
>> idea to bring them public assuming there is no sensitive information
>> in them so anyone can review them).
> 
> Thank you. I hope something comes of this conversation. I have no
> access to production so for these sorts of things all I can do is mail
> this list and hope that someone makes the requested changes.

Who said we don't trust subversion? I certainly was not meaning that.

-- 
Regards,
Bryan Drewery