Date:      Wed, 27 Mar 2013 19:52:34 -0400
From:      grarpamp <grarpamp@gmail.com>
To:        freebsd-ports@freebsd.org
Subject:   Re: Status of packages
Message-ID:  <CAD2Ti2_Ov5QKwD1LAWhdLAeOiv-%2BCH6QYYKy_5i-d6sXBOv57g@mail.gmail.com>
In-Reply-To: <CAE-m3X29GhObconj0V7wxhzjh0n5jHUtqnBvd8t0euKvSOn_Hg@mail.gmail.com>
References:  <CAD2Ti29CQ5uchftP63niDB8ORLW7CCh%2B1qBco=P44=wtXhP7iA@mail.gmail.com> <20130326082325.GW2198@droso.net> <CAD2Ti2-3eTQ0wc-V8NLgkVANGcdigRjL5m9h_2eGFw4G=NQK5w@mail.gmail.com> <CAE-m3X1sPLUywnNnvbm50i=t0L7LGVK5woN8OexqUA0PMuEh5Q@mail.gmail.com> <CAD2Ti29S8i%2BGSFFV7O8JSKsk3StkfHWK0nE_JE4CgFWuOpFxaw@mail.gmail.com> <CAE-m3X29GhObconj0V7wxhzjh0n5jHUtqnBvd8t0euKvSOn_Hg@mail.gmail.com>

> No. The security concerns are that some "attacker" could infect binaries
> and add dangerous code if he manages to break out of a jail

Then the FreeBSD jail facilities are flawed/insufficient and need fixed.

> or place
> malicious code in some packages that are used as dependencies.

Either the source is coming from the official committed repo and built
in a proper environment, and the repo is properly insulated from all access
but remote commits, or it's not. If you have that environment this is not
a concern. Excepting any rogue commits you have going in to the repo.

> Due to
> the nature of redports many jobs by a lot of people are built in parallel and
> ports depend on each other so you cannot trust the machine anymore and
> the only way to proceed would be by wiping the box and restarting from
> scratch. Since the packages are not shared across multiple machines nor
> made available to users the risk is that the machine has to be wiped but it
> could never infect any user.
> In addition to that redports does a lot to make sure that user modified
> packages are not reused and environments are cleaned after each build
> but nobody says it's impossible.

Afaik, redports is an external developer (porter/user) buildservice.
It's not the
same as the official pointyhat service. What I'm getting at is that somewhere
there should be an official port/package build running in what amounts to a
continuous loop (whether triggered and dependency queued by commits,
or simply once every N timeframes). And that having that dataset available
can be useful to both porters and users until a convenient tag is laid down
and it's pushed out to supported distribution. Today, unsupported interim
packages aren't available, even though the same (possibly temporarily broken
at times) ports code for them is... only if a user is willing and able
to build them.

From a production standpoint, so long as you know your master repo is
intact (hashed repo, etc), loss of any periphery box or system should not take
six months to recover from. Simply nuke it, reinstall/provision, check out
the tools and start pushing packages out again. That production recovery
process should be separate from designing and deploying new commit,
build and distribution systems.

Anyways, many of these things are coming together now I'm sure, so no
worries :)
