From owner-freebsd-hubs@FreeBSD.ORG Tue Nov 13 01:39:42 2012
Date: Mon, 12 Nov 2012 23:39:41 -0200
Subject: ftp-master availability
From: Leandro Silva
To: freebsd-hubs@freebsd.org

Greetings folks,

Does anybody know if ftp-master is currently unavailable?
As follows the path I'm getting at this moment:

traceroute to ftp-master.FreeBSD.org (8.8.178.68), 64 hops max, 52 byte packets
 1  styx (143.106.51.37)  0.221 ms  0.178 ms  0.186 ms
 2  area1-gw.unicamp.br (143.106.1.1)  0.643 ms  0.539 ms  0.567 ms
 3  ptp-ncc-nct.unicamp.br (143.106.199.1)  0.668 ms  0.473 ms  0.471 ms
 4  unicamp-g01-ni400.cas.ansp.br (143.106.99.25)  0.369 ms  0.287 ms  0.365 ms
 5  ansp.ptta.ansp.br (200.136.37.1)  3.765 ms  13.293 ms  3.568 ms
 6  198.32.252.141 (198.32.252.141)  114.285 ms  114.310 ms  114.251 ms
 7  te7-3.ccr02.mia03.atlas.cogentco.com (38.104.94.73)  305.887 ms  174.452 ms  114.543 ms
 8  te9-7.ccr02.mia01.atlas.cogentco.com (154.54.25.13)  118.574 ms
    te7-7.ccr02.mia01.atlas.cogentco.com (154.54.24.233)  205.036 ms
    te9-8.ccr02.mia01.atlas.cogentco.com (154.54.80.53)  230.758 ms
 9  te0-3-0-5.ccr22.iah01.atlas.cogentco.com (154.54.30.37)  142.203 ms
    te0-2-0-6.ccr22.iah01.atlas.cogentco.com (154.54.24.197)  142.273 ms
    te0-2-0-6.mpd22.iah01.atlas.cogentco.com (154.54.25.74)  142.142 ms
10  te0-2-0-3.ccr22.lax01.atlas.cogentco.com (154.54.45.2)  177.996 ms
    te0-1-0-6.mpd22.lax01.atlas.cogentco.com (154.54.0.245)  177.957 ms
    te0-0-0-3.ccr22.lax01.atlas.cogentco.com (154.54.44.254)  178.113 ms
11  te0-1-0-5.ccr22.sjc01.atlas.cogentco.com (154.54.25.190)  190.070 ms
    te0-0-0-2.ccr22.sjc01.atlas.cogentco.com (154.54.5.69)  190.088 ms
    te0-5-0-2.ccr22.sjc01.atlas.cogentco.com (154.54.85.38)  190.073 ms
12  te0-2-0-2.ccr22.sjc03.atlas.cogentco.com (154.54.41.214)  190.662 ms
    te0-0-0-7.ccr22.sjc03.atlas.cogentco.com (154.54.41.210)  190.817 ms
    te0-1-0-3.ccr22.sjc03.atlas.cogentco.com (154.54.6.102)  190.753 ms
13  te4-2.mag01.sjc03.atlas.cogentco.com (154.54.82.94)  190.445 ms  190.286 ms  190.393 ms
14  yahoo.sjc03.atlas.cogentco.com (154.54.12.98)  188.889 ms
    yahoo.sjc03.atlas.cogentco.com (154.54.13.38)  189.007 ms  188.985 ms
15  ae-4.pat1.sjc.yahoo.com (216.115.105.16)  189.889 ms
    ae-5.pat1.sjc.yahoo.com (216.115.105.18)  188.630 ms
    ae-4.pat1.sjc.yahoo.com (216.115.105.16)  188.829 ms
16  routerer-pat1.freebsd.org (216.115.101.225)  189.588 ms  189.898 ms  189.694 ms
17  routerer-pat1.freebsd.org (216.115.101.225)  189.742 ms !H  189.480 ms !H  189.670 ms !H

thanks,
leandro

From owner-freebsd-hubs@FreeBSD.ORG Tue Nov 13 02:23:46 2012
Date: Mon, 12 Nov 2012 20:23:38 -0600
From: Mark Linimon
To: Leandro Silva
Cc: freebsd-hubs@freebsd.org
Subject: Re: ftp-master availability

We are currently working on issues in the cluster. Please stay tuned.
mcl

From owner-freebsd-hubs@FreeBSD.ORG Tue Nov 13 04:28:03 2012
Date: Tue, 13 Nov 2012 02:28:02 -0200
Subject: Re: ftp-master availability
From: Leandro Silva
To: Mark Linimon
Cc: freebsd-hubs@freebsd.org

On Tue, Nov 13, 2012 at 12:23 AM, Mark Linimon wrote:

> We are currently working on issues in the cluster. Please stay tuned.
>

Ok, thanks Mark

>
> mcl
>

From owner-freebsd-hubs@FreeBSD.ORG Thu Nov 15 12:32:18 2012
Date: Thu, 15 Nov 2012 13:31:54 +0100
From: Laurent Frigault
To: Mark Linimon
Cc: freebsd-hubs@freebsd.org
Subject: Re: ftp-master availability

On Mon, Nov 12, 2012 at 08:23:38PM -0600, Mark Linimon wrote:
> We are currently working on issues in the cluster. Please stay tuned.

Looks like something has changed. traceroute is now ok (no more no route
to host error) but the rsync daemon has not been restarted yet:

% telnet -4 -s 88.191.250.131 ftp-master.FreeBSD.org 873
Trying 8.8.178.68...
telnet: connect to address 8.8.178.68: Connection refused
telnet: Unable to connect to remote host

Regards,
--
Laurent Frigault | Free.org

From owner-freebsd-hubs@FreeBSD.ORG Sat Nov 17 00:49:02 2012
Date: Fri, 16 Nov 2012 16:31:29 -0800 (PST)
From: Chris Timmons
To: Milan Obuch
Subject: Re: Does svn-to-cvs still work? & How to use freebsd-update?
Cc: freebsd-hubs@freebsd.org

cvsup.freebsd.org is updating from cvsup-master, but no ports or source
changes have been coming down in the last few days. I'm seeing updates to
gnats tickets and other content however. Perhaps there are release
engineering commit freezes in place?

On Thu, 15 Nov 2012, Milan Obuch wrote:

> Hello,
>
> it looks like updating source/ports via csup does not work for some
> time. I was using for a long time simple command sequence
>
> csup -h cvsup.freebsd.org /usr/share/examples/cvsup/stable-supfile
> csup -h cvsup.freebsd.org /usr/share/examples/cvsup/ports-supfile
>
> to update both source files and ports collection. For some (maybe five)
> days there is nothing updated. Is svn-to-cvs still working? In some mail
> there was announced February 2013 as last time it will work (writing
> from my memory, not looking up this mail in some archive, so I could be
> wrong).

From owner-freebsd-hubs@FreeBSD.ORG Sat Nov 17 02:44:39 2012
From: Eitan Adler
Date: Fri, 16 Nov 2012 21:44:07 -0500
Subject: Re: Does svn-to-cvs still work? & How to use freebsd-update?
To: Chris Timmons
Cc: freebsd-hubs@freebsd.org, Milan Obuch

On 16 November 2012 19:31, Chris Timmons wrote:
>
> cvsup.freebsd.org is updating from cvsup-master, but no ports or source
> changes have been coming down in the last few days. I'm seeing updates to
> gnats tickets and other content however. Perhaps there are release
> engineering commit freezes in place?

The SVN-to-CVS converter is currently broken. People are working on
fixing this ASAP. There have been multiple posts to the mailing lists
about this.

--
Eitan Adler

From owner-freebsd-hubs@FreeBSD.ORG Sat Nov 17 20:00:12 2012
Date: Sat, 17 Nov 2012 15:00:06 -0500
Subject: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]
From: grarpamp
To: freebsd-questions@freebsd.org
Cc: freebsd-hackers@freebsd.org, freebsd-hubs@freebsd.org, freebsd-security@freebsd.org

http://www.freebsd.org/news/2012-compromise.html
http://it.slashdot.org/story/12/11/17/143219/freebsd-project-discloses-security-breach-via-stolen-ssh-key

This is not about this incident, but about why major opensource
projects need to be using a repository that has traceable, verifiable,
built-in cryptographic authentication.

Any of hundreds of committer and admin accounts could be compromised
with the attacker silently editing the repo. The same applies to
any of those accounts going rogue. Backtrack diffing from a breach
to 'see what changed' is not the ideal option. You really need to
be using a strong repo so that any attack on it is null from the
start. Another problem is bit rot wherever it may occur... disk,
hardware, the wire, EMP and other systems.

As it is now, we have no way to verify that what we get on pressed
CD's, ISO's, FTP sites, torrents, etc is strongly linked back to
the original repo. Signing over a hash of the ISO is *not* the same
as including the strong repo hash (commit) that was used to build
the release and then signing over that and the ISO.
We can't know that our local repository updates match the master.
ports.tar.gz has no authentication either. Nor does anything in the
entire project that originates from the current SVN/CVS repo...
webpages, docs, tools, source tarballs, etc. The FTP packages aren't
signed, and there are weak MD5's used in various parts of the
install/package tools, mirrors, etc. We can't trade hashes amongst
people. It's all just a bunch of random bits that someone may or may
not have signed over. And even if signed they still wouldn't be
strongly linked back to the master repo. Having such a disconnect at
the root of everything you do is simply not good practice these days.

And these days, Git is what people and projects are moving to, and
its rate of adoption and prevalence have essentially won out over
all the rest in the new 'revision control 2.0 world'. And knowing
Git is now more or less essential if you want to participate in a
wide variety of community development, ref: github, etc.

The FreeBSD project needs to be providing both itself, and its users
and benefactors with verifiable assurance that its repository, and
any copies and derived products, are authentic and intact.

Don't argue against such a repository feature, or the cost to move,
or bury your head in the sand by saying it could never happen to us...

Take this as a real opportunity to lead amongst the major opensource
projects like Linux, and among the BSD's (like DragonFly has), and
move to Git.

Once the root is fixed, you can push out secure distribution and
update models from there. It all starts at the root and can't be
done without it.

https://www.kernel.org/pub/software/scm/git/docs/git-fsck.html
Verifies the connectivity and validity of the objects in the database

http://git-scm.com/about/info-assurance
The data model that Git uses ensures the cryptographic integrity
of every bit of your project. Every file and commit is checksummed
and retrieved by its checksum when checked back out.
It's impossible to get anything out of Git other than the exact bits
you put in. It is also impossible to change any file, date, commit
message, or any other data in a Git repository without changing the
IDs of everything after it. This means that if you have a commit ID,
you can be assured not only that your project is exactly the same as
when it was committed, but that nothing in its history was changed.

https://en.wikipedia.org/wiki/Git_(software)
The Git history is stored in such a way that the id of a particular
revision (a "commit" in Git terms) depends upon the complete
development history leading up to that commit. Once it is published,
it is not possible to change the old versions without it being
noticed. The structure is similar to a hash tree, but with additional
data at the nodes as well as the leaves.

Some references...
http://git-scm.com/
https://github.com/
http://gitweb.dragonflybsd.org/dragonfly.git
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git

From owner-freebsd-hubs@FreeBSD.ORG Sat Nov 17 20:42:14 2012
Date: Sat, 17 Nov 2012 22:11:43 +0200
From: Ivan Klymenko
To: grarpamp
Cc: freebsd-hackers@freebsd.org, freebsd-hubs@freebsd.org, freebsd-questions@freebsd.org, freebsd-security@freebsd.org
Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]

On Sat, 17 Nov 2012 15:00:06 -0500
grarpamp wrote:

> http://www.freebsd.org/news/2012-compromise.html
> http://it.slashdot.org/story/12/11/17/143219/freebsd-project-discloses-security-breach-via-stolen-ssh-key
>
> This is not about this incident, but about why major opensource
> projects need to be using a repository that has traceable, verifiable,
> built-in cryptographic authentication.
>
> Any of hundreds of committer and admin accounts could be compromised
> with the attacker silently editing the repo. The same applies to
> any of those accounts going rogue. Backtrack diffing from a breach
> to 'see what changed' is not the ideal option. You really need to
> be using a strong repo so that any attack on it is null from the
> start. Another problem is bit rot wherever it may occur... disk,
> hardware, the wire, EMP and other systems.
>
> As it is now, we have no way to verify that what we get on pressed
> CD's, ISO's, FTP sites, torrents, etc is strongly linked back to
> the original repo. Signing over a hash of the ISO is *not* the same
> as including the strong repo hash (commit) that was used to build
> the release and then signing over that and the ISO. We can't know
> that our local repository updates match the master. ports.tar.gz
> has no authentication either. Nor does anything in the entire project
> that originates from the current SVN/CVS repo... webpages, docs,
> tools, source tarballs, etc. The FTP packages aren't signed, and
> there are weak MD5's used in various parts of the install/package
> tools, mirrors, etc. We can't trade hashes amongst people. It's all
> just a bunch of random bits that someone may or may not have signed
> over. And even if signed they still wouldn't be strongly linked
> back to the master repo. Having such a disconnect at the root of
> everything you do is simply not good practice these days.
>
> And these days, Git is what people and projects are moving to, and
> its rate of adoption and prevalence have essentially won out over
> all the rest in the new 'revision control 2.0 world'. And knowing
> Git is now more or less essential if you want to participate in a
> wide variety of community development, ref: github, etc.
>
> The FreeBSD project needs to be providing both itself, and its users
> and benefactors with verifiable assurance that its repository, and
> any copies and derived products, are authentic and intact.
>
> Don't argue against such a repository feature, or the cost to move,
> or bury your head in the sand by saying it could never happen to us...
>
> Take this as a real opportunity to lead amongst the major opensource
> projects like Linux, and among the BSD's (like DragonFly has), and
> move to Git.
>
> Once the root is fixed, you can push out secure distribution and
> update models from there. It all starts at the root and can't be
> done without it.
>
> https://www.kernel.org/pub/software/scm/git/docs/git-fsck.html
> Verifies the connectivity and validity of the objects in the database
>
> http://git-scm.com/about/info-assurance
> The data model that Git uses ensures the cryptographic integrity
> of every bit of your project. Every file and commit is checksummed
> and retrieved by its checksum when checked back out. It's impossible
> to get anything out of Git other than the exact bits you put in.
> It is also impossible to change any file, date, commit message,
> or any other data in a Git repository without changing the IDs of
> everything after it. This means that if you have a commit ID, you
> can be assured not only that your project is exactly the same as
> when it was committed, but that nothing in its history was changed.
>
> https://en.wikipedia.org/wiki/Git_(software)
> The Git history is stored in such a way that the id of a particular
> revision (a "commit" in Git terms) depends upon the complete
> development history leading up to that commit. Once it is published,
> it is not possible to change the old versions without it being
> noticed. The structure is similar to a hash tree, but with additional
> data at the nodes as well as the leaves.
>
> Some references...
> http://git-scm.com/
> https://github.com/
> http://gitweb.dragonflybsd.org/dragonfly.git
> https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git

LOL And how will this help Linux?
http://lwn.net/Articles/457142/

From owner-freebsd-hubs@FreeBSD.ORG Sat Nov 17 20:59:47 2012
To: grarpamp, "Ivan Klymenko"
Cc: freebsd-hackers@freebsd.org, freebsd-hubs@freebsd.org, freebsd-questions@freebsd.org, freebsd-security@freebsd.org
Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]
Date: Sat, 17 Nov 2012 21:59:28 +0100
From: "Michael Ross"

On Sat, 17 Nov 2012 21:11:43 +0100, Ivan Klymenko wrote:

> On Sat, 17 Nov 2012 15:00:06 -0500
> grarpamp wrote:
>
>> http://www.freebsd.org/news/2012-compromise.html
>> http://it.slashdot.org/story/12/11/17/143219/freebsd-project-discloses-security-breach-via-stolen-ssh-key
>>
>> This is not about this incident, but about why major opensource
>> projects need to be using a repository that has traceable, verifiable,
>> built-in cryptographic authentication.
>>

> LOL And how will this help Linux?
> http://lwn.net/Articles/457142/

In the first comment on the article you link to, you find this:

http://www.linux.com/news/featured-blogs/171-jonathan-corbet/491001-the-cracking-of-kernelorg

where the OP's view is substantiated.

From owner-freebsd-hubs@FreeBSD.ORG Sat Nov 17 21:48:14 2012
Date: Sat, 17 Nov 2012 21:48:11 +0000
Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]
From: Chris Rees
To: Michael Ross
Cc: Ivan Klymenko, freebsd-hackers@freebsd.org, freebsd-hubs@freebsd.org, freebsd-questions@freebsd.org, freebsd-security@freebsd.org, grarpamp

On 17 Nov 2012 21:00, "Michael Ross" wrote:
>
> On Sat, 17 Nov 2012 21:11:43 +0100, Ivan Klymenko wrote:
>
>> On Sat, 17 Nov 2012 15:00:06 -0500
>> grarpamp wrote:
>>
>>> http://www.freebsd.org/news/2012-compromise.html
>>> http://it.slashdot.org/story/12/11/17/143219/freebsd-project-discloses-security-breach-via-stolen-ssh-key
>>>
>>> This is not about this incident, but about why major opensource
>>> projects need to be using a repository that has traceable, verifiable,
>>> built-in cryptographic authentication.
>>>
>
>> LOL And how will this help Linux?
>> http://lwn.net/Articles/457142/
>
>
> In the first comment on the article you link to, you find this:
>
> http://www.linux.com/news/featured-blogs/171-jonathan-corbet/491001-the-cracking-of-kernelorg
>
> where the OP's view is substantiated.

Yes, but git doesn't work with our workflow. It's been discussed several
times, and changing to a tool that doesn't work for us (and is GPL btw) is
no good at all.

Chris
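
Added example, not part of any message in this thread and not Git's own code: a Python sketch of the object-ID scheme behind the Git documentation passages quoted in grarpamp's message, showing that a silent edit anywhere in history changes every later commit ID, so a consumer holding one pinned tip ID can detect it. The file names, contents, committer identity and the helper names (`history_ids`, `tamper`, `matches_pinned_tip`) are constructed for illustration.

```python
import hashlib

# Constructed identity and timestamp, fixed so the IDs are reproducible.
IDENT = "Example Committer <committer@example.org> 1353182406 -0500"


def object_id(kind: str, body: bytes) -> str:
    """Git object ID: SHA-1 over '<kind> <size>' + NUL, followed by the body."""
    return hashlib.sha1(f"{kind} {len(body)}\0".encode() + body).hexdigest()


def blob_id(content: bytes) -> str:
    """ID of a file's contents (a blob object)."""
    return object_id("blob", content)


def tree_id(files: dict) -> str:
    """ID of a flat directory of regular files, given {name: content bytes}."""
    body = b""
    for name in sorted(files, key=str.encode):
        # Each entry: mode, space, name, NUL, then the raw 20-byte blob ID.
        body += b"100644 " + name.encode() + b"\0" + bytes.fromhex(blob_id(files[name]))
    return object_id("tree", body)


def commit_id(tree: str, parent, message: str) -> str:
    """ID of a commit; the parent's ID is part of the hashed text."""
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")
    lines += [f"author {IDENT}", f"committer {IDENT}", "", message]
    return object_id("commit", ("\n".join(lines) + "\n").encode())


def history_ids(snapshots) -> list:
    """Commit IDs of a linear history given [(message, files), ...]."""
    ids, parent = [], None
    for message, files in snapshots:
        parent = commit_id(tree_id(files), parent, message)
        ids.append(parent)
    return ids


def tamper(snapshots, index: int, name: str, content: bytes) -> list:
    """Copy of the history with one file silently replaced in one snapshot."""
    out = [(message, dict(files)) for message, files in snapshots]
    out[index][1][name] = content
    return out


def matches_pinned_tip(snapshots, pinned_tip: str) -> bool:
    """Recompute every ID from the data and compare the tip to a trusted ID."""
    return history_ids(snapshots)[-1] == pinned_tip


# Constructed three-commit history.
BASE = {"Makefile": b"all:\n", "login.c": b"int check(void) { return 0; }\n"}
HISTORY = [
    ("import", dict(BASE)),
    ("add README", {**BASE, "README": b"docs\n"}),
    ("add VERSION", {**BASE, "README": b"docs\n", "VERSION": b"1\n"}),
]

if __name__ == "__main__":
    good = history_ids(HISTORY)
    # Edit a file in the oldest commit only; later snapshots are untouched.
    bad = history_ids(tamper(HISTORY, 0, "login.c", b"int check(void) { return 1; }\n"))
    for n, (a, b) in enumerate(zip(good, bad)):
        print(f"commit {n}: {a[:12]} -> {b[:12]} changed={a != b}")
    print("tip matches pinned ID:", matches_pinned_tip(HISTORY, good[-1]))
```

The ID only proves that the data matches the ID; the expected tip still has to reach the verifier over a trusted channel such as a signed tag or signed release notes, and the guarantee is no stronger than the hash function (SHA-1 here).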