MITM attacks against portsnap and freebsd-update

Julian Elischer julian at freebsd.org
Sat Apr 12 01:55:16 UTC 2014


On 4/12/14, 5:20 AM, Anton Afanasyev wrote:
> On Fri, Apr 11, 2014 at 11:04 AM, Matthew Rezny <matthew at reztek.cz> wrote:
>
>> The biggest effort would be adding rsync to base, but being that we have
>> svn(lite) in base it should not be a big deal to add rsync.
>>
> I may be too naive and/or just not understand things as well as those who
> do move code into base, so excuse my ignorance, but why was svnlite moved
> into base, and why even consider moving rsync into base?
> Sure, it is nice if the base includes everything needed to allow
> development of it; it is also a must to be able to update and build your
> ports. But why include tools that do this, rather than a bootstrap for
> installing those tools?
Because historically, a base FreeBSD distribution is all you need to
rebuild a base FreeBSD system from "CHECKED IN SOURCES".

Lots of people have their environments set up assuming this is true
(me included). It's also a worry about whether one has the right
version of SVN or whether you need some special version (we did at one
stage)... this takes all the questions out of it. I know... Git-lovers
are upset.



> For developing and updating base, why not include a script that fetches a
> (sufficiently fresh) snapshot of the ports tree and let the user decide
> whether they want to use svn or any other port to update their sources? If
> it is deemed too large a download (a valid concern) - download only svn and
> its dependencies, possibly even to a ports tree rooted in a location
> different from /usr/ports, and build svn from that.
> For keeping ports up to date, why not include a script that fetches a
> (sufficiently fresh) copy of the ports tree and tell the user that the
> preferred method to update is rsync; heck, create a port that uses rsync to
> do what Matthew described above, and /offer/ to install it for the user
> from the tree that was just downloaded.
>
> Something along the lines of the above would completely remove the need to
> keep unrelated code in base - and the need to keep it updated - , while
> still allowing the end user to keep base and ports up to date.
>
>
> Anton