Date: Mon, 08 Aug 2005 12:53:25 -0700 From: Colin Percival <cperciva@freebsd.org> To: Stijn Hoop <stijn@win.tue.nl> Cc: freebsd-arch@freebsd.org Subject: Re: /usr/portsnap vs. /var/db/portsnap Message-ID: <42F7B835.4050504@freebsd.org> In-Reply-To: <20050807214618.GG70957@pcwin002.win.tue.nl> References: <42F5BC19.5040602@freebsd.org> <20050807.211240.75793221.hrs@allbsd.org> <42F60443.2040301@freebsd.org> <20050807.231125.26489231.hrs@allbsd.org> <42F61960.4020400@freebsd.org> <20050807160452.GF70957@pcwin002.win.tue.nl> <42F632B3.90704@freebsd.org> <20050807214618.GG70957@pcwin002.win.tue.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Stijn Hoop wrote: > On Sun, Aug 07, 2005 at 09:11:31AM -0700, Colin Percival wrote: >>Two reasons come to mind: First, the portsnap chain of security starts >>with running cvsup to cvsup-master through a tunnel to freefall... a >>non-committer wouldn't be able to do that. > > OK, I'm still arguing in the hypothetical case, but why is it insecure > then to redistribute a copy of a portsnap'd ports tree + local patches? Hmm. I didn't think of that option. I guess it would be ok, as long as the machine which was doing the repackaging was kept secure. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42F7B835.4050504>