Date: Fri, 23 May 2014 22:42:50 -0500 From: David Noel <david.i.noel@gmail.com> To: David Noel <david.i.noel@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: MITM attacks against portsnap and freebsd-update Message-ID: <CAHAXwYC8=EhwY0wivX8KNgn=VEbzyeDSd6PFuRb74winGqE4dQ@mail.gmail.com> In-Reply-To: <CAHAXwYAGeHMJjeE=EGGN1S-t7=gkAr-atNw-PYgiKi--jP4CYg@mail.gmail.com> References: <CAHAXwYBEtqxpDZJBhRF1=QDi6v97qQvJeYUbDE0kYqEsMbvf_w@mail.gmail.com> <537A704D.6010209@gmail.com> <CAHAXwYCjAtU3Wh-Y=juxaYQCU=om=bqonaRiq12VXs7nGT_fwA@mail.gmail.com> <CALf6cgZP6Ps==-vG1P3gbb5w9BovH4jisfSo-xPqRCp1jXRpWA@mail.gmail.com> <537B0522.8090109@gmail.com> <CAHAXwYAGeHMJjeE=EGGN1S-t7=gkAr-atNw-PYgiKi--jP4CYg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/23/14, David Noel <david.i.noel@gmail.com> wrote: > On 5/20/14, Alnis Morics <alnis.morics@gmail.com> wrote: >> On 05/20/2014 09:51, n j wrote: >>> On Tue, May 20, 2014 at 12:03 AM, David Noel <david.i.noel@gmail.com> >>> wrote: >>>> On 5/19/14, Alnis Morics <alnis.morics@gmail.com> wrote: >>>>> On 05/19/2014 23:28, David Noel wrote: >>>>>> I also think it would be an appropriate time to discuss retiring >>>>>> portsnap. >>>>> Subversion checkouts and updates take much more time than Porstnap. >>>> My experience has been that both portsnap and svn update typically >>>> take under a minute to complete. >>>> >>>> Regardless, don't most people run this in the background with portsnap >>>> cron? >>>> >>> I don't. And I don't regularly update the ports tree. >>> >>> When you regularly update ports tree, the diffs svn update needs to pull >>> are relatively small. When you update, say, once a month, portsnap in my >>> experience gets the job done a lot quicker. >>> >>> My $.02, >> Exactly. And "svn checkout" is incomparably slower than "portsnap fetch >> extract". > > It wasn't a terribly popular suggestion on the security list either. > It's unfortunate that svn doesn't work for your use case -- it was a > painless transition for me. The proposal was based on a "least amount > of work required" model. Now we're actually going to have to find > someone who has the time free to patch portsnap! > Does anyone know what the requirements are for obtaining one of those supercool @freebsd.org email addresses? Would patching these bugs qualify a person for one?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHAXwYC8=EhwY0wivX8KNgn=VEbzyeDSd6PFuRb74winGqE4dQ>