From owner-freebsd-questions@FreeBSD.ORG Sat May 24 03:42:52 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A823CB22 for ; Sat, 24 May 2014 03:42:52 +0000 (UTC) Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 410472366 for ; Sat, 24 May 2014 03:42:52 +0000 (UTC) Received: by mail-wi0-f181.google.com with SMTP id n15so1758867wiw.8 for ; Fri, 23 May 2014 20:42:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=DpUnlCpdEINSFdYi/7zpvI259fz91NKogbW0ctqNhJs=; b=t+o2DlsUL51yix4IU9VbM4jorsoHk/GBbgY0fKzu/kidBwmq9IjXtbrctxOMSFkaKJ agOWUREHy3WmO5j2fxyoyzm+W4i1ji+OOxMfSykAA+OJBmfNXMJjqzYEC2asyo7TeFWD 3pm/abUN5mRvPkJ2W9Httc13LoJFSobCDUyLF3giPpe3tpiS0y4icCQBkcEOIuQn2wyA qzCroM5Iz67U5jucSrIeZ7qC4RWrPXEv0fUtdAjDbUq3FG2RLdZcVrtWRr+dJCDfaC1l aWEaULSMFJsbBpfcHVEsSeu7aggsZ81rQFXsbGxzFDBRPFFDifn5/ZDpkdYCLe4VfxHf 9l0g== MIME-Version: 1.0 X-Received: by 10.180.98.163 with SMTP id ej3mr7588563wib.9.1400902970504; Fri, 23 May 2014 20:42:50 -0700 (PDT) Received: by 10.217.43.194 with HTTP; Fri, 23 May 2014 20:42:50 -0700 (PDT) Reply-To: David.I.Noel@gmail.com In-Reply-To: References: <537A704D.6010209@gmail.com> <537B0522.8090109@gmail.com> Date: Fri, 23 May 2014 22:42:50 -0500 Message-ID: Subject: Re: MITM attacks against portsnap and freebsd-update From: David Noel To: David Noel Content-Type: text/plain; charset=UTF-8 Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 May 2014 03:42:52 -0000 On 5/23/14, David Noel wrote: > On 5/20/14, Alnis Morics wrote: >> On 05/20/2014 09:51, n j wrote: >>> On Tue, May 20, 2014 at 12:03 AM, David Noel >>> wrote: >>>> On 5/19/14, Alnis Morics wrote: >>>>> On 05/19/2014 23:28, David Noel wrote: >>>>>> I also think it would be an appropriate time to discuss retiring >>>>>> portsnap. >>>>> Subversion checkouts and updates take much more time than Porstnap. >>>> My experience has been that both portsnap and svn update typically >>>> take under a minute to complete. >>>> >>>> Regardless, don't most people run this in the background with portsnap >>>> cron? >>>> >>> I don't. And I don't regularly update the ports tree. >>> >>> When you regularly update ports tree, the diffs svn update needs to pull >>> are relatively small. When you update, say, once a month, portsnap in my >>> experience gets the job done a lot quicker. >>> >>> My $.02, >> Exactly. And "svn checkout" is incomparably slower than "portsnap fetch >> extract". > > It wasn't a terribly popular suggestion on the security list either. > It's unfortunate that svn doesn't work for your use case -- it was a > painless transition for me. The proposal was based on a "least amount > of work required" model. Now we're actually going to have to find > someone who has the time free to patch portsnap! > Does anyone know what the requirements are for obtaining one of those supercool @freebsd.org email addresses? Would patching these bugs qualify a person for one?