From owner-freebsd-questions@FreeBSD.ORG Sun Nov 18 06:21:13 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 513E8D57 for ; Sun, 18 Nov 2012 06:21:13 +0000 (UTC) (envelope-from mailer@elasticemail.com) Received: from mail1047.elasticemail.info (mail1047.elasticemail.info [176.31.7.47]) by mx1.freebsd.org (Postfix) with SMTP id A83658FC08 for ; Sun, 18 Nov 2012 06:21:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; bh=8BjSJmIb9KxxHCtGEjF+CW/SUo0=; c=relaxed/relaxed; d=elasticemail.com; s=api; h=DomainKey-Signature:MIME-Version:Subject:Date:From:Reply-To:To:List-Unsubscribe:Message-ID:Content-Type; b=O9J6x1+dJYeMkMgjg4SmJZC0MfP9pUUTQf6SZUkvG2wJbwRQT2OoXtqukud8VKEUOOBlWsXqgW4Fd35MTXIaLFeejhWxSkwb7S85gafI1J1UHo52tfwZeJw7vFBOLS6MNV7D6GcFxyhZcHVegulPpY1awYC5A0iU94f/5cCmMDM= DomainKey-Signature: q=dns; a=rsa-sha1; c=simple; d=elasticemail.com; s=api; h=MIME-Version:X-Mailer:X-Priority:Subject:Date:From:Reply-To:To:List-Unsubscribe:Message-ID:Content-Type; b=Uyf+NMvCDkxJR5j88S0U0yvEphKya6Zbl8r7FR+d90/S3wcRV6PFDeMpFf1FD8MXAer5Qyl574i+Rb0rp2PSSgz071g2c66NYx0pFBRAL7VxHfP8WndQfRz8sbj7++jcJvg3PUDdQfVmjOYpMluwl2FXGNLdkty8VSZ5z/LUk44= MIME-Version: 1.0 X-Mailer: elasticemail.com X-Priority: 3 (Normal) Subject: Enjoy the benefits of a fast and easy bill management Date: Sun, 18 Nov 2012 06:08:01 +0000 From: "GreenPost" To: freebsd-questions@freebsd.org Message-ID: <4tnd2gry8h34.lmpy5e-fexj860r@elasticemail.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: GreenPost List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 06:21:13 -0000 Tm93IHZpZXcgYWxsIHlvdXIgYmlsbHMgYW5kIHBheSB0aGVtIGF0IDEtY2xpY2suIEFueXRpbWUs IEFueXdoZXJlLiANCiBNYWxheXNpYSAtIE1heGlzLCBEaUdpLCBUTkIsIEFzdHJvLCBDZWxjb20s IFUgTW9iaWxlLCBUTSwgWWVzLCBQMSwgSW5kYWggV2F0ZXIsIFNZQUJBUywgS0dQQSwgS1JQTSwg U3RhcmhpbGwgR86/bGYgUmVzzr9ydC4gDQogU2luZ2Fwb3JlIC0gU3RhciBIdWIsIE0xLCBTaW5n VGVsLCBTaW5nYXBvcmUgUG93ZXIsIE5VU1MsIEtlcHBlbCBDbM+FYiwgU3VuUGFnZSwgU2cgU3dp bW1pbmcgQ2zPhWIsIFBob2VuaXggQ29tbXMsIFpPTkUgVGVsZWNvbSwgVGVtYXNlayBDbM+FYiwg QW1lcmljYW4gQ2zPhWIsIE15UmVwdWJsaWMsIE5TUkNDLiANCiBXZSBhcmUgYWxzbyBpbiBBdXN0 cmFsaWEsIFBoaWxpcHBpbmVzLCBJbmRvbmVzaWEsIFNyaSBMYW5rYSwgVUFFLiANCiBJbnRyb2R1 Y2luZyBhIGhhc3NsZS1mwq1yZWUgYmlsbCBtYW5hZ2VtZW50IHNlcnZpY2UhIA0KIFdlIGFyZSBH cmVlblBvc3QsIGEgZmFzdCwgZWFzeSBhbmQgZWNvLWZyaWVuZGx5IGJpbGwgbWFuYWdlbWVudCBz eXN0ZW0gdGhhdCBlbmFibGVzIHlvdSB0byBtYW5hZ2UgYWxsIHlvdXIgYmlsbHMgb25saW5lIGFu ZCBvbiB0aGUgZ28hIA0KIDEuICBPTkUgc2luZ2xlIGxvZ2luLSB0ZWxlcGhvbmUsIGVsZWN0cmlj aXR5LCBpbnRlcm5ldCBhbmQgY2zPhWIgYmlsbHMgDQogMi4gIDEtQ2xpY2sgQmlsbCBQYXltZW50 cyBmb3IgYWxsIE1hbGF5c2lhIGJpbGxzIA0KIDMuICBBd2FyZGVkIGlPUyBhbmQgQW5kcm9pZCBh cHBzLiBOb3cgYWNjwq1lc3MgYmlsbHMgYW55dGltZSwgYW55d2hlcmUgDQogNC4gIENvbnRyaWJ1 dGUgdG93YXJkcyBncmVlbmVyIHRvbW9ycm93LiBTwq1hdmUgdHJlZXMgZXZlcnlkYXksIEdyZWVu UG9zdCB3YXkgDQogU2lnbmluZyB1cCBqdXN0IHRha2VzIDUgbWlucy4gDQogDQoNCiogY2hlY2sg b3V0IG1vcmUgZGV0YWlscyBhdCB3d3cuZ29ncmVlbnBvc3QuY29tDQoNCllvdeKAmXJlIHJlY2Vp dmluZyB0aGlzIGVtYWlsIGJlY2F1c2UgeW91IHJlcXVlc3RlZCB0byBiZSBub3RpZmllZCBhYm91 dCBHcmVlblBvc3QuDQpJZiB5b3UgZG9u4oCZdCB3YW50IHRvIHJlY2VpdmUgdGhpcyBuZXdzbGV0 dGVyIGFueW1vcmUsIHlvdSBjYW4gVW5zdWJzY3JpYmUgaGVyZQ0KDQpHcmVlblBvc3QgwrcgNDAx IE1hY3BoZXJzb24gcm9hZCDCtyAjMDItMDggwrcgU2luZ2Fwb3JlIDM1MDEzMSANCiA= From owner-freebsd-questions@FreeBSD.ORG Sun Nov 18 06:29:52 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8516816E for ; Sun, 18 Nov 2012 06:29:52 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14]) by mx1.freebsd.org (Postfix) with ESMTP id 2A1D18FC0C for ; Sun, 18 Nov 2012 06:29:51 +0000 (UTC) Received: from r56.edvax.de (port-92-195-8-72.dynamic.qsc.de [92.195.8.72]) by mx02.qsc.de (Postfix) with ESMTP id 167F1244EF; Sun, 18 Nov 2012 07:29:51 +0100 (CET) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id qAI6TkWR002037; Sun, 18 Nov 2012 07:29:46 +0100 (CET) (envelope-from freebsd@edvax.de) Date: Sun, 18 Nov 2012 07:29:46 +0100 From: Polytropon To: grarpamp Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] Message-Id: <20121118072946.69de35bb.freebsd@edvax.de> In-Reply-To: References: Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Polytropon List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 06:29:52 -0000 On Sun, 18 Nov 2012 00:59:54 -0500, grarpamp wrote: > > Never trust an operating system you don't have sources for. ;-) > > As well summarized by this (your signature) ... sources you can't > verify to the master are, also, sources you can't trust. Unless. of couse, you are able to "use the source Luke" and spot malicious portions by yourself. This of course is usually possible to subsets only, and mostly to the gurus of our guild. The "ordinary user" won't be able to do this. > >> fidaj@ukr.net > > LOL And how will this help Linux? > > http://lwn.net/Articles/457142/ > > How will what help Linux? Please quote a relevant snippet instead > of the entire message. > > Seems pretty clear from the above link that having hashes/crypto > as an intrinsic feature of the SCM tool does in fact help Linux. The article's headline is "kernel.org compromised", and the significant part (as of August 2011!) is: Earlier this month, a number of servers in the kernel.org infrastructure were compromised. We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure. However, this is a Linux problem, not a FreeBSD one, regarding repository infrastructure. > >> utisoft@gmail.com > > Yes, but git doesn't work with our workflow. > > There's usually a larger than head sized sandbox near everyone's > local neighborhood. Will people elect to visit it, or to learn, > grow, and change for the better? In many contexts, "better" _depends_. > Prioe workflow is often forced by > and derived from the tools being used. That is _one_ (valid!) way to see it. Another way is that tools will be chosen according to established workflows, or tools will adapt those workflows to better support them. > Different tools could enable > different, more useful workflows. SVN required workflow change from > CVS, people managed just fine. If the required programs will be integrated in the OS, accompanied by proper documentation, and the backend infrastructures being instantiated, up and running, I don't see a big problem. Unlike in other "OS countries", FreeBSD people are able to adapt to new methods and tools. > > [git] ... is GPL btw > > FreeBSD does not include this sort-of-BSD licensed SCM tool in its > base either... > > # https://svn.apache.org/repos/asf/subversion/trunk/LICENSE > # ls /*bin/svn /usr/*bin/svn > ls: No such file or directory > > But it does include this GPL licensed one... > > # http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/COPYING?revision=HEAD > # ls /*bin/cvs /usr/*bin/cvs' > /usr/bin/cvs > > And of course we have this in use as well... > > # perforce > http://www.perforce.com/purchase/pricing-licensing > > So it seems license is not an obstacle to inclusion, and certainly > not the use via ports, of any particular SCM with the FreeBSD > project. As far as I know, FreeBSD team puts much work into getting the OS into a "BSD license only" state, making it more appealing to commercial use where the (often so called) "rape me license" BSDL is very welcome. But as for "being part of the OS installation", you are right: Whatever tool will be required (or at least suggested) for the purpose of managing "CVS-like" functionality for sources and the ports collection should be part of the basic installation. That's why "pkg_add -r cvsup-without-gui" (if I remember correctly) has been the way in the past, but then, a rewrite called csup became part of the default installation, so you could use the known cvs command _and_ have a nice integration with system functionality, like entries in /etc/make.conf and configuration files for _how_ to update sources, ports, documentation and so on (e. g. in /etc/sup, with /usr/share/examples/cvsup/ as examples), so "make update" would do whatever you wanted. Exactly that kind of productive (!) behaviour is what I would expect (or at least wish) for any replacement of CVS, be it SVN or Git. > Sorry to reply to these sorts of replies this way, but please, this > isn't a troll or a shed. No need to do that around the issue raised. > Hash [ :-) ] it out and solve it. With some salt, please. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...