Do you still need CTM?

Julian H. Stacey jhs at berklix.com
Thu Aug 20 12:01:28 UTC 2015 

Hi, Reference:
> To: "ctm-announce at FreeBSD.org" <ctm-announce at freebsd.org>
> From:		"Montgomery-Smith, Stephen" <stephen at missouri.edu>
> Date:		Wed, 19 Aug 2015 04:05:26 +0000
> 
> I just received an email from one of the FreeBSD people telling me
> that they are worried about the security threat posed by CTM.  They
> would like to disconnect it from the base FreeBSD system.

If someone wants to axe CTM, we should Not acquiesce without examining Why.
Periodicaly people wish to rip stuff out of FreeBSD src/; the
phenomena repeatedly causes un-necessary agravation.  Some previously
haven't been mature enough to recognise one man's junk is another
man's valued functionality, some past axers have had to back off.

Reasons/excuses to rip stuff out of src/ sometimes include eg size
(but usr.sbin/ctm is just 300K) & architectural complications with
kernel & libs (but this is just a user prog). If an axer asserts
there's a security issue, original author phk@ may be interested.
<ctm-users at freebsd.org> may also be interested to fix it, but 
axe propenet has Not provided us detail.

The axer proponent should present detail direct to us <ctm-users at freebsd.org>.
In particular:
  - Does the axer mean a threat to ctm_smail generator machines ?
    If so: What threat ? Detail required by Stephen & I.  'Cos it's
    Stephen's generator host, not an @freebsd.org cluster server,
    & years back I gave Stephen facilities on my berklix.org FreeBSD server
    as fallback, still available if needed.
  - Does the axer mean a threat to @freebsd.org cluster servers ?
    If so How ? What ? That's just a mirrored tree & mail servers for deltas.
  - Does the axer mean a threat to ctm_rmail recipients that recompile & run ?
    If so, we want detail, But axers deserve no say re. CTM usage
    by recipient, that is a judgement call Exclusively for recipient
    users alone to weigh any risk versus utility & efficiency of use.


> Personally I have become extremely happy with using subversion, and if
> CTM were to disappear, I could live without it very easily.

Doesn't suprise me Stephen, as you are our kind maintainer, the man
who bridges svn to ctm so you must know both, it us who benefit from CTM,
not you, thanks for your work :-)

Actually I'm currently using both, eg
CTM update of svn-cur, src-[0-9][0-9] & ports  but also
svn co -q file:///usr/svn/base/head (& file:///usr/svn/ports/head)
for testing current patches (can't remember detail, been away)

I do Not want to see CTM dissapear, & most certainly not for svn-cur !
Its very useful Push technology - transfer is batched & queued for maximaly
convenient & cheap connectivity, using minimum time from fast local SMTP
queues, no reliance on Pull technology from remote SVN servers.

Others also pointed out SVN trees are Big.

> But maybe some of you feel differently.  One thing we could do is
> 1.  Create a CTM port;
> 2.  Put the deltas on a server other than official FreeBSD servers;
> 3.  Host our own mailing lists.
> 
> Honestly, I think the best thing to do is to close CTM.  But if anyone
> else really wants CTM, and is willing to do (2) and (3), I can easily
> do (1).

Re. 1) 	If the unknown axer proponent makes a persuasive case for CTM removal,
       	then it would be nice if you created a port. I wouldn't bother yet.
       	Let him/them justify to us, motivation to axe CTM.
Re. 2) 	My berklix.org server is available but I'd want it mirrored so it
	didnt take global load. I see no need. The tree is no risk
	to @freebsd.org ftp servers, & they have mirroring set up,
	pointless to reinvent the wheel.
Re. 3) 	berklix.org runs majordomo@ not yet a mailman, If I had to, I
	could create CTM mail lists on berklix, but I dont want to
	waste the time on that, as I should migrate berklix from
	majordomo to mailman.  Also there's No security risk to
	@freebsd.org servers in mailing ctm deltas, no reason to move.

Kirby, Mark wrote
> I would not have any issue if CTM was disabled.

A non sequitur. He will leave list.  Lists of CTM users will include
ctm-users@ + delta subscribers addresses.  Though the delta addresses
will differ in some cases, eg some will not respond to a "Do you
still need this" post, as some will be procmail + ctm_rmail auto
discarding non valid deltas.

Summary: CTM should Not be axed. 
	No one has even presented <ctm-users at freebsd.org> reasons to examine.

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com
 Reply after previous text, like a play - Not before, which looses context.
 Indent previous text with "> "         Insert new lines before 80 chars.
 Send plain text, Not quoted-printable, Not HTML, Not ms.doc, Not base64.
 Subsidise contraception V. Global warming, pollution, famine, migration.

More information about the ctm-users mailing list