MITM attacks against portsnap and freebsd-update
dt71 at gmx.com
Sat Apr 12 12:33:57 UTC 2014
David Noel wrote, On 04/10/2014 19:03:
> The reason I see for it to be retired is that subversion allows us to
> easily and securely check out the ports tree. It's a one-line command:
> `svn co https://...`. Keeping it up-to-date is another one-liner:
> `cd /usr/ports; svn update`. With the inclusion of svnlite in base,
> the portsnap code and servers acting as mirrors become redundant and
> seem like a waste of resources.
One-liners are also sufficient for Portsnap.
Subversion, due to its scheme of keeping an uncompressed copy of each file in .svn trees, wastes ~410MiB of disk space (for ports; additionally, ~820MiB for src) for users who only want to build ports from source, not develop; whereas Portsnap wastes only ~140MiB.
Subversion is more of a resource strain on both clients and servers.