From owner-ctm-users@freebsd.org Mon Aug 31 23:08:33 2015 Return-Path: Delivered-To: ctm-users@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C9A7F9C7CA8 for ; Mon, 31 Aug 2015 23:08:33 +0000 (UTC) (envelope-from peter@wemm.org) Received: from smtp2.wemm.org (smtp2.wemm.org [IPv6:2001:470:67:39d::78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp2.wemm.org", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id ACCBE818 for ; Mon, 31 Aug 2015 23:08:33 +0000 (UTC) (envelope-from peter@wemm.org) Received: from Peters-MacBook-Pro.local (108-255-77-191.lightspeed.sntcca.sbcglobal.net [108.255.77.191]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: peter) by smtp2.wemm.org (Postfix) with ESMTPSA id 45AA919C for ; Mon, 31 Aug 2015 16:08:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wemm.org; s=m20140428; t=1441062513; bh=1FpaECYX+mzpM3cUZKkoxhS8N7og8OuziJCuPSz7OGg=; h=Date:From:To:Subject; b=j5vLvKehEirpWBC6MwfYJgvW2ntgx29sn2rQSlYbclC+9vVwfl4l9Ew/pxuYPyW2N F/SkKuBRT7OyAIKDNA0dNRqGYZNgiGEi9eRUgzDes2Kq+7N6MLaDUqY4o8c3J5mtqw Wb7zMKNYbmx5Jf5hAzxzizmfxBKbF1usWHe/VycA= Message-ID: <55E4DE6F.8060808@wemm.org> Date: Mon, 31 Aug 2015 16:08:31 -0700 From: Peter Wemm User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: ctm-users@freebsd.org Subject: Future of CTM Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: ctm-users@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: CTM User discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Aug 2015 23:08:33 -0000 I'm sure you're all aware of the 'Do you need CTM?' thread. I'm torn about how much to say in public, but there are a couple of problems. 1) the deltas are on ftp.freebsd.org alongside the rest of the content. It is very, very heavily indexed by search engines. I went looking for actual users who fetched it from any of the ftp.freebsd.org servers. I could find a couple of actual legitimate xEmpty and catchup downloads over the last two years, but in general, only the search engines are downloading it. The ratio of traffic from search engines to real users was somewhere in the order of 1000:1 to 10000:1. The problem isn't so much the space, but rather the number of files. Right now 50% of the *files* on the ftp server are CTM which consumes about half of the load the crawlers cause us. 2) ctm_rmail is unauthenticated. If people are following the instructions in the docs, it is trivial for hostile 3rd parties to remotely destroy people using a mail feed. If you're not using undocumented pgp checking, I (or any other person with a sense of mischief) could destroy your ctm pool. *anyone* can do this and it is trivial. I am willing to demonstrate using nothing that a non-freebsd.org person has access to if you don't believe me. 3) ctm has some "intersting" string handling. It predates the attention that other tools that parse potentially hostile external data. I would bet that there are exploitable buffer overruns in there. I suspect that it has a variant of the bug that patch(1) had recently where you could trigger a direct shell escape via the internal use of ed(1). 4) the deltas are fed to ftp.freebsd.org via unauthenticated rsync - a hostile attacker can MITM that. 3rd party mirrors are unauthenticated and won't re-check files with matching timestamps, so an injection of a hostile delta won't be repaired if the size/timestamp match. 5) md5 can be brute forced with just minutes of cpu time these days. A malicious delta could remain undetected unless there was an actual conflicting edit. 6) I looked at mailing list subscribers. There are at least 6 people who receive actual deltas via email, although its more likely that there are 10-15. Many of these problems cannot be fixed in a backwards compatible way. At the very least, it needs: * md5 replaced with sha256. * an actual embedded crypto signature that can't be accidentally bypassed. * the format changed so that new deltas can't be accidentally processed without checks by old ctm. * an audit/refresh of the string handling. What's the best way to handle this? Fixing ctm in dozens of branches is unlikely to be practical. I suggested that it should be moved a branch-agnostic project and made available via ports so that it can be made available to all branches. I also want the deltas off ftp.freebsd.org as it causes half of the search engine crawler load. I'm happy to have it hosted under another hostname where web index crawlers can be blocked, but *not* ftp.freebsd.org. If we continue mailing deltas via ctm-*@freebsd.org before fixing the signature/spoofing issues, then at the very least they need to wrapped in pgp encoding to make sure that ctm_rmail cannot possibly decode them without passing them through a gpg/pgp check/unwrap first. However, I'd like to have an alternative email arrangement for that too. Bots are very good at signing up for mailman mail lists - there's several hundred bots who have signed up for ctm-* - its very easy to spot them, they tend to send mail to gmail, in digest+html wrapping mode. They also subscribe to both the regular and -fast lists at the same time. So, who's going to fix ctm so it isn't suicidal to use it? To repeat: - md5 -> sha256 or better. - rsa2048 bit signature or better from a published signing key. I can change the mailing list stuff to enforce gpg ascii armor encoding or something like that in the meantime. -- Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV UTF-8: for when a ' or ... just won\342\200\231t do\342\200\246 From owner-ctm-users@freebsd.org Tue Sep 1 00:20:15 2015 Return-Path: Delivered-To: ctm-users@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 736B59C6591 for ; Tue, 1 Sep 2015 00:20:15 +0000 (UTC) (envelope-from jhs@berklix.com) Received: from slim.berklix.org (slim.berklix.org [94.185.90.68]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DF8B0E3F for ; Tue, 1 Sep 2015 00:20:13 +0000 (UTC) (envelope-from jhs@berklix.com) Received: from mart.js.berklix.net (p5B226E77.dip0.t-ipconnect.de [91.34.110.119]) (authenticated bits=128) by slim.berklix.org (8.14.5/8.14.5) with ESMTP id t810Nk6M086945; Tue, 1 Sep 2015 02:23:47 +0200 (CEST) (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (fire.js.berklix.net [192.168.91.41]) by mart.js.berklix.net (8.14.3/8.14.3) with ESMTP id t810K8d6021756; Tue, 1 Sep 2015 02:20:08 +0200 (CEST) (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (localhost [127.0.0.1]) by fire.js.berklix.net (8.14.7/8.14.7) with ESMTP id t810Ja3j063872; Tue, 1 Sep 2015 02:20:02 +0200 (CEST) (envelope-from jhs@berklix.com) Message-Id: <201509010020.t810Ja3j063872@fire.js.berklix.net> To: Peter Wemm cc: ctm-users@freebsd.org Subject: Re: Future of CTM From: "Julian H. Stacey" Organization: http://berklix.com BSD Unix Linux Consultants, Munich Germany User-agent: EXMH on FreeBSD http://berklix.com/free/ X-URL: http://www.berklix.com In-reply-to: Your message "Mon, 31 Aug 2015 16:08:31 -0700." <55E4DE6F.8060808@wemm.org> Date: Tue, 01 Sep 2015 02:19:36 +0200 X-BeenThere: ctm-users@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: CTM User discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Sep 2015 00:20:15 -0000 Peter Wemm wrote: > I'm torn about how much to say in public, but there are a couple of problems. ... Thanks for the analysis Peter. Before we go deeper, might there by chance be a frustrated SOC student whose project fizzled out & who might grasp CTM as a replacement/ top up project ? Or students coming to end of summer project thinking "That was fun! What next to hack ?" http://lists.freebsd.org/pipermail/soc-status/2015-August/date.html Perhaps not very likely but might be worth checking, as your post nicely describes the remit. Cheers, Julian -- Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com Reply after previous text, like a play - Not before, which looses context. Indent previous text with "> " Insert new lines before 80 chars. Send plain text, Not quoted-printable, Not HTML, Not ms.doc, Not base64. Subsidise contraception V. Global warming, pollution, famine, migration. From owner-ctm-users@freebsd.org Tue Sep 1 02:19:36 2015 Return-Path: Delivered-To: ctm-users@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EF0DB9C6822 for ; Tue, 1 Sep 2015 02:19:36 +0000 (UTC) (envelope-from peter@wemm.org) Received: from smtp2.wemm.org (smtp2.wemm.org [IPv6:2001:470:67:39d::78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp2.wemm.org", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id CFDFE6B2 for ; Tue, 1 Sep 2015 02:19:36 +0000 (UTC) (envelope-from peter@wemm.org) Received: from overcee.wemm.org (canning.wemm.org [192.203.228.65]) by smtp2.wemm.org (Postfix) with ESMTP id 157051F7; Mon, 31 Aug 2015 19:19:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wemm.org; s=m20140428; t=1441073974; bh=sqQ56htX6nX7yvuHNXibfNqEQj4fpxvLTc0zHLHkqX8=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=RciVaj9tpgMgkhJsPp9wMF6McuganENiKnWpZVjmxti0FFP0D/8Y54vFNad9VHEEI so0bOoemTY6bSPLETEAHlwpishqskuRpbEjxKhvaGJmJeO+akdOd4w37tPDjMnRxOF HV+cQGxC8nZwZ7GqYU02BUe48HxziYCyqExJ00UE= From: Peter Wemm To: "Julian H. Stacey" Cc: ctm-users@freebsd.org Subject: Re: Future of CTM Date: Mon, 31 Aug 2015 19:19:28 -0700 Message-ID: <2133149.u1BgRHIO00@overcee.wemm.org> User-Agent: KMail/4.14.3 (FreeBSD/11.0-CURRENT; KDE/4.14.3; amd64; ; ) In-Reply-To: <201509010020.t810Ja3j063872@fire.js.berklix.net> References: <201509010020.t810Ja3j063872@fire.js.berklix.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart6415575.lBiqbpKrKv"; micalg="pgp-sha256"; protocol="application/pgp-signature" X-BeenThere: ctm-users@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: CTM User discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Sep 2015 02:19:37 -0000 --nextPart6415575.lBiqbpKrKv Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="us-ascii" On Tuesday, September 01, 2015 02:19:36 AM Julian H. Stacey wrote: > Peter Wemm wrote: > > I'm torn about how much to say in public, but there are a couple of= > > problems. > ... > Thanks for the analysis Peter. >=20 > Before we go deeper, might there by chance be a frustrated SOC > student whose project fizzled out & who might grasp CTM as a > replacement/ top up project ? Or students coming to end of summer > project thinking "That was fun! What next to hack ?" > http://lists.freebsd.org/pipermail/soc-status/2015-August/date.html= > Perhaps not very likely but might be worth checking, as your post > nicely describes the remit. I have been trying to find an example of somebody who is actually verif= ying=20 signatures before piping the messages to to ctm_rmail. Even the procma= ilrc=20 files that you publish at http://www.berklix.com/jhs/txt/ctms.html don'= t do=20 signature checking. From your own pages: # JJLATER add a check for pgp signature, ref. # http://www.freebsd.org/handbook/synching.html#CTM I did find one person who gpg verified the files he downloaded from ftp= and=20 posted about a corrupted file: https://lists.freebsd.org/pipermail/ctm-users/2012-December/000376.html= but even then it was a check to see if it was signed by *somebody*, rat= her=20 than signed by the pgp key listed on the mailman info pages. Even the= n, I'd=20 bet he only did the gpg check as a diagnostic after the ctm run failed I actually went looking for sample scripts for how to do this all safel= y and=20 there was nothing obvious that turned up in likely searches. There's some hints about how to do specific key verification here:=20 http://stackoverflow.com/a/19016152 but note the caveat about it needing to be a pubkey.gpg, not pubkey.asc= . I'd wager that few people (if anybody) are actually doing proper signin= g key=20 verification of the email feed, and are therefore completely vulnerable= to=20 mischief. Relying on the ctm-*@freebsd.org email list protection is *n= ot*=20 sufficient for this, but I would rather not talk about specifics just y= et. My biggest concern is that there is a vast quantity of published docume= ntation=20 advising people to do dangerous things, with the "oh by the way, and yo= u=20 probably should protect youself" aspect left as an exercise for the rea= der as=20 an afterthought. We can't retroactively recall all the bad advice so the only real optio= n is to=20 break the old dangerous ways and give corrected instructions on how to = do it=20 safely. Make it so that you *need* the script that verifies signatures= before=20 decoding it and sending the delta to ctm_rmail. It should be a choice = to opt- out of being safe, not something you have to research and implement you= rself=20 to opt-in. That's what lead to my current thinking. Would this effort be well spe= nt? I'm=20 not convinced that it is, but I wouldn't stop somebody from doing the r= efresh=20 work. I'm wondering whether to ask Stephen to switch away from detached signa= tures=20 to help force the issue. ie: replace the "ctm-*.nnnn.xz" + "ctm- *.nnnn.xz.sig" files with "ctm-*.nnnn.xz.gpg" so that gpg is needed to = decode=20 it and at least have the signature status presented right there at deco= de=20 time. Likewise for the email deltas, sign and encode the deltas rather= than=20 clearsign - that forces it to be run through gpg in front of ctm_rmail.= A=20 script to check that its signed by the *right* keys would need to be wr= itten=20 and published for that to be worth anything though. (Processing a ctm = email=20 packet with a valid signature by evilguy@terrorist.org is no safer than= =20 accepting unsigned things) However, at the very least, I still want to move the ctm files from=20 ftp://ftp.freebsd.org to something like ftp://ctm.freebsd.org because o= f the=20 crawler issue. =2D-=20 Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI= 6FJV UTF-8: for when a ' or ... just won\342\200\231t do\342\200\246 --nextPart6415575.lBiqbpKrKv Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAABCAAGBQJV5QswAAoJEDXWlwnsgJ4EBrcIALTvrvT1gmomTHCF1psG4hf0 I0bEyXaV/d8lZEh0kq4Tx0pH4FXIjuCfCfjYinN9Z/J7oT+k4k0x4vnO8nP7rsYq qlGaNQY6XoavZVh7Farj0tvP992kMUxQgGjzDVQH59yyHUtPiqHCdNZRkzCIaXIg U2vtP6oeYQIBApAw/z9cxEa9QMTstj0R3+QtTjI9tesWFjS9KLxP1pYAKLqutmAa OFTB/gNcCquMs9wmMNID30Uomhw8L/RFI/0eyX62nqC9wSQldLreZ0FuyaQJ47xT f3HzfW2jKv9BTxUWD1NOTi6hOpD8ixL8xpfZUGd4QW/pKSSUlfUE9LCC5zM46eM= =VB+4 -----END PGP SIGNATURE----- --nextPart6415575.lBiqbpKrKv-- From owner-ctm-users@freebsd.org Tue Sep 1 23:25:45 2015 Return-Path: Delivered-To: ctm-users@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 843AE9C82C6 for ; Tue, 1 Sep 2015 23:25:45 +0000 (UTC) (envelope-from jhs@berklix.com) Received: from slim.berklix.org (slim.berklix.org [94.185.90.68]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C8CFF125B for ; Tue, 1 Sep 2015 23:25:44 +0000 (UTC) (envelope-from jhs@berklix.com) Received: from mart.js.berklix.net (pD9FE91E2.dip0.t-ipconnect.de [217.254.145.226]) (authenticated bits=128) by slim.berklix.org (8.14.5/8.14.5) with ESMTP id t81NTKAJ010352; Wed, 2 Sep 2015 01:29:21 +0200 (CEST) (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (fire.js.berklix.net [192.168.91.41]) by mart.js.berklix.net (8.14.3/8.14.3) with ESMTP id t81NPcWm032206; Wed, 2 Sep 2015 01:25:39 +0200 (CEST) (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (localhost [127.0.0.1]) by fire.js.berklix.net (8.14.7/8.14.7) with ESMTP id t81NPEmr055240; Wed, 2 Sep 2015 01:25:32 +0200 (CEST) (envelope-from jhs@berklix.com) Message-Id: <201509012325.t81NPEmr055240@fire.js.berklix.net> To: Peter Wemm cc: ctm-users@freebsd.org Subject: Re: Future of CTM From: "Julian H. Stacey" Organization: http://berklix.com BSD Unix Linux Consultants, Munich Germany User-agent: EXMH on FreeBSD http://berklix.com/free/ X-URL: http://www.berklix.com In-reply-to: Your message "Mon, 31 Aug 2015 19:19:28 -0700." <2133149.u1BgRHIO00@overcee.wemm.org> Date: Wed, 02 Sep 2015 01:25:14 +0200 X-BeenThere: ctm-users@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: CTM User discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Sep 2015 23:25:45 -0000 Peter Wemm wrote Mon, 31 Aug 2015 19:19:28 -0700 > Content-Transfer-Encoding: quoted-printable > Content-Type: text/plain; charset="us-ascii" I had to manually strip back to Ascii, Hence mangling of = below. > On Tuesday, September 01, 2015 02:19:36 AM Julian H. Stacey wrote: > > Peter Wemm wrote: > > > I'm torn about how much to say in public, but there are a couple of= > > > > problems. > > ... > > Thanks for the analysis Peter. > >=20 > > Before we go deeper, might there by chance be a frustrated SOC > > student whose project fizzled out & who might grasp CTM as a > > replacement/ top up project ? Or students coming to end of summer > > project thinking "That was fun! What next to hack ?" > > http://lists.freebsd.org/pipermail/soc-status/2015-August/date.html= > > > Perhaps not very likely but might be worth checking, as your post > > nicely describes the remit. > > I have been trying to find an example of somebody who is actually verif= > ying=20 > signatures before piping the messages to to ctm_rmail. Even the procma= > ilrc=20 > files that you publish at http://www.berklix.com/jhs/txt/ctms.html don'= > t do=20 > signature checking. From your own pages: > # JJLATER add a check for pgp signature, ref. > # http://www.freebsd.org/handbook/synching.html#CTM Yes, it's been on my infinitely long To Do list a Long time. Blush ! ;-) > I did find one person who gpg verified the files he downloaded from ftp= > and=20 > posted about a corrupted file: > https://lists.freebsd.org/pipermail/ctm-users/2012-December/000376.html= > > but even then it was a check to see if it was signed by *somebody*, rat= > her=20 > than signed by the pgp key listed on the mailman info pages. Even the= > n, I'd=20 > bet he only did the gpg check as a diagnostic after the ctm run failed > > I actually went looking for sample scripts for how to do this all safel= > y and=20 > there was nothing obvious that turned up in likely searches. > > There's some hints about how to do specific key verification here:=20 > http://stackoverflow.com/a/19016152 > but note the caveat about it needing to be a pubkey.gpg, not pubkey.asc= > .. > > I'd wager that few people (if anybody) are actually doing proper signin= > g key=20 I wouldnt bet against that :-) > verification of the email feed, and are therefore completely vulnerable= > to=20 > mischief. Relying on the ctm-*@freebsd.org email list protection is *n= > ot*=20 > sufficient for this, but I would rather not talk about specifics just y= > et. > > My biggest concern is that there is a vast quantity of published docume= > ntation=20 > advising people to do dangerous things, with the "oh by the way, and yo= > u=20 > probably should protect youself" aspect left as an exercise for the rea= > der as=20 > an afterthought. Yes. Keys were added later after CTM got going far as I recall. Stephen added them on transmitter side. I never got round to checking mine. Maybe nobody did. CTM has been rather an under cared for orphan, its a nice tool with some advantages,(push rather than pull technology) (but as you note, some problems too). Though thanks to Stephen for keeping it runnning ! Getting the handbook changed to better document CTM was difficult, I seem to recall giving up long ago, I just published my own stuff since, nice you found http://ctm.berklix.org Or http://www.berklix.com/~jhs/txt/ctms.html ideally it would all merged to freebsd.org, along with Stephens latest scripts. Problem: Nobody `owns' freebsd.org handbook ctm pages, so I 'spose the doc team don't know who is authoritative. I recall I've submitted stuff presumably with send-pr way back, but I don't now recall. Long ago I sent (unsolicited by Stephen) request to doc@ to appoint & accept Stephen as authoritative for the CTM handbook section, as he drives the deltas. I'm pretty sure I would have also told doc@ that as phk@ was original author, if they have any doubts accepting Stephen as authoritative, just ask phk@ to confirm. If commiters want a backup or addition to Stephen to authorise changes to http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ctm.html doc@ might do worse than me, as I provide backup on http://ctm.freebsd.org & been using CTM ages, or they could appoint phk@ as original owner, or you, whoever has a stake in & knowledge of CTM. > We can't retroactively recall all the bad advice so the only real optio= > n is to=20 > break the old dangerous ways and give corrected instructions on how to = > do it=20 > safely. Make it so that you *need* the script that verifies signatures= > before=20 > decoding it and sending the delta to ctm_rmail. It should be a choice = > to opt- > out of being safe, not something you have to research and implement you= > rself=20 > to opt-in. OK, but best we first appoint someone or group to own http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ctm.html & /usr/src/usr.sbin/*ctm* To be authoritative for commiters to accept & commit diffs to ensure manuals & handbook are consistent with existing code & Stephen's latest config etc. Then write more code. Then maybe timetable a warning a change of defaults to use key signing by default. > That's what lead to my current thinking. Would this effort be well spe= > nt? I'm=20 > not convinced that it is, but I wouldn't stop somebody from doing the r= > efresh=20 > work. I could do it, I'd prefer someone else did it, I'm not clear the current users need enhanced security, or they would have asked for it, self inclded. > I'm wondering whether to ask Stephen to switch away from detached signa= > tures=20 > to help force the issue. The whole thing runs on a shoe string, wobbling the string would be bad, consolidation of manuals & examples is needed first, then code update with optional inbuilt sig, then a timetable to warn when/ if it will be used by default. Don't worry about other people's security though, if they don't want it! Just warn them is sufficient. Security V. convenience is users decision, not yours, mine, or ours on ctm-users@ or @freebsd.org > ie: replace the "ctm-*.nnnn.xz" + "ctm- > *.nnnn.xz.sig" files with "ctm-*.nnnn.xz.gpg" so that gpg is needed to = > decode=20 > it and at least have the signature status presented right there at deco= > de=20 > time. Likewise for the email deltas, sign and encode the deltas rather= > than=20 > clearsign - that forces it to be run through gpg in front of ctm_rmail.= > A=20 > script to check that its signed by the *right* keys would need to be wr= > itten=20 > and published for that to be worth anything though. (Processing a ctm = > email=20 > packet with a valid signature by evilguy@terrorist.org is no safer than= > =20 > accepting unsigned things) You'r presumably right, but every time I read encryption stuff, I need to read more manuals :-) > However, at the very least, I still want to move the ctm files from=20 > ftp://ftp.freebsd.org to something like ftp://ctm.freebsd.org because o= > f the=20 > crawler issue. Have you tried, & are http crawlers ignoring robots.txt http://ftp.gnu.org/old-gnu/Manuals/wget-1.8.1/html_node/wget_41.html When deltas by mail fail, I ftp ftp2.de.freebsd.org Will moving it mean all ftp.freebsd.org mirrors no longer carry it ? I guess there's few people ftp'ing so we dont need many mirrors. Need it somewhere though, preferably with a mirror Stephen recently wrote he regularly mirrors to ftp://ctm.berklix.org but I'm not sure what & where to, I dont see much there & I suspect what's there is partly my old manually placed stuff. Cheers, Julian -- Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com Reply after previous text, like a play - Not before, which looses context. Indent previous text with "> " Insert new lines before 80 chars. Send plain text, Not quoted-printable, Not HTML, Not ms.doc, Not base64. Subsidise contraception V. Global warming, pollution, famine, migration. From owner-ctm-users@freebsd.org Wed Sep 2 03:41:50 2015 Return-Path: Delivered-To: ctm-users@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DCB2D9C8137 for ; Wed, 2 Sep 2015 03:41:50 +0000 (UTC) (envelope-from stephen@missouri.edu) Received: from um-nip3-missouri-out.um.umsystem.edu (um-nip3-missouri-out.um.umsystem.edu [198.209.49.163]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "um-tip1.um.umsystem.edu", Issuer "InCommon RSA Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 88F8F5F5 for ; Wed, 2 Sep 2015 03:41:50 +0000 (UTC) (envelope-from stephen@missouri.edu) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A2D/BADubuZV/8ieoM9dgxuBPQbGJwKBRDwQAQEBAQEBAYEKhCQBAQMBeAEFCwIBCCEWDwkDAgECASAlAgQBDAEHAQGIIgjFHwGETQEBAQEGAQEBAQEBAQEai26EWDMHhCwBBJVDAadgJoN/cYFIgQUBAQE X-IPAS-Result: A2D/BADubuZV/8ieoM9dgxuBPQbGJwKBRDwQAQEBAQEBAYEKhCQBAQMBeAEFCwIBCCEWDwkDAgECASAlAgQBDAEHAQGIIgjFHwGETQEBAQEGAQEBAQEBAQEai26EWDMHhCwBBJVDAadgJoN/cYFIgQUBAQE Received: from um-tcas3.um.umsystem.edu ([207.160.158.200]) by um-nip3-exch-relay.um.umsystem.edu with ESMTP; 01 Sep 2015 22:40:38 -0500 Received: from UM-MBX-N02.um.umsystem.edu ([169.254.5.65]) by UM-TCAS3.um.umsystem.edu ([207.160.158.200]) with mapi id 14.03.0248.002; Tue, 1 Sep 2015 22:40:38 -0500 From: "Montgomery-Smith, Stephen" To: "Julian H. Stacey" , Peter Wemm CC: "ctm-users@freebsd.org" Subject: Re: Future of CTM Thread-Topic: Future of CTM Thread-Index: AQHQ5Q10Ny+5s+hUPUmtzgnh5dB/Y54o6/eA Date: Wed, 2 Sep 2015 03:40:37 +0000 Message-ID: <55E66FB3.1030200@missouri.edu> References: <201509012325.t81NPEmr055240@fire.js.berklix.net> In-Reply-To: <201509012325.t81NPEmr055240@fire.js.berklix.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 x-originating-ip: [207.160.158.194] Content-Type: text/plain; charset="Windows-1252" Content-ID: <17193102AB17834D8E46DF5150CE1A78@missouri.edu> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-BeenThere: ctm-users@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: CTM User discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Sep 2015 03:41:51 -0000 On 09/01/2015 06:25 PM, Julian H. Stacey wrote: > Stephen recently wrote he regularly mirrors to > ftp://ctm.berklix.org but I'm not sure what & where to, I dont see much t= here > & I suspect what's there is partly my old manually placed stuff. >=20 ftp://ctm.berklix.org/pub/FreeBSD/CTM/ From owner-ctm-users@freebsd.org Wed Sep 2 03:58:21 2015 Return-Path: Delivered-To: ctm-users@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 55D639C8839 for ; Wed, 2 Sep 2015 03:58:21 +0000 (UTC) (envelope-from stephen@missouri.edu) Received: from mst-rip6-missouri-out.um.umsystem.edu (mst-rip6-missouri-out.um.umsystem.edu [198.209.50.149]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "um-tip1.um.umsystem.edu", Issuer "InCommon RSA Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E19CDABF for ; Wed, 2 Sep 2015 03:58:20 +0000 (UTC) (envelope-from stephen@missouri.edu) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A2D/BAAzcuZV/9CeoM9dgxuBQ8YnAoFDPBABAQEBAQEBfwuEJAEBBHgRAgEIIRYPCQMCAQIBICUCBA0IAQGIKsUaAYRNDCCLboRAGDqELAWVQwGnYCaCEBuBVII5gQUBAQE X-IPAS-Result: A2D/BAAzcuZV/9CeoM9dgxuBQ8YnAoFDPBABAQEBAQEBfwuEJAEBBHgRAgEIIRYPCQMCAQIBICUCBA0IAQGIKsUaAYRNDCCLboRAGDqELAWVQwGnYCaCEBuBVII5gQUBAQE Received: from um-ncas4.um.umsystem.edu ([207.160.158.208]) by mst-rip6-exch-relay.um.umsystem.edu with ESMTP; 01 Sep 2015 22:57:10 -0500 Received: from UM-MBX-N02.um.umsystem.edu ([169.254.5.65]) by UM-NCAS4.um.umsystem.edu ([207.160.158.208]) with mapi id 14.03.0248.002; Tue, 1 Sep 2015 22:57:10 -0500 From: "Montgomery-Smith, Stephen" To: "ctm-users@freebsd.org" Subject: Re: Future of CTM Thread-Topic: Future of CTM Thread-Index: AQHQ5EH5Ny+5s+hUPUmtzgnh5dB/Y54o8i0A Date: Wed, 2 Sep 2015 03:57:09 +0000 Message-ID: <55E67394.2050706@missouri.edu> References: <55E4DE6F.8060808@wemm.org> In-Reply-To: <55E4DE6F.8060808@wemm.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 x-originating-ip: [207.160.158.194] Content-Type: text/plain; charset="Windows-1252" Content-ID: <2121F91A5ECA95438B4F96B10E69F8AB@missouri.edu> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-BeenThere: ctm-users@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: CTM User discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Sep 2015 03:58:21 -0000 It seems to me that very few people use CTM. The simple changes Peter Wemm asks for probably aren't that hard to implement (e.g. use sha256 instead of md5), but anything beyond that requires a lot of man-hours on someone's part. And it seems to me that in total less man-hours would be used if current CTM users were forced to find an alternative method to get their updates. I really don't mind continuing to run CTM. But if the FreeBSD project doesn't want to host it on their servers any more, I find it hard to argue with them. Someone else should provide a server to keep the deltas. And someone else needs to provide a mailman server. And people do need to beware of the inherent security risks - or people could submit patches to the code to solve the problems Peter Wemm brings up. The response I got to announcing that CTM might end was extremely underwhelming. People who want it either need to step up to the plate, or they need to accept its demise. Stephen= From owner-ctm-users@freebsd.org Wed Sep 2 18:14:13 2015 Return-Path: Delivered-To: ctm-users@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6ED6D9C9E6C for ; Wed, 2 Sep 2015 18:14:13 +0000 (UTC) (envelope-from lhardin@ken-tennwireless.com) Received: from mail.woodcommunications.com (192-171-201-11-static.bbn.ken-tennwireless.com [192.171.201.11]) by mx1.freebsd.org (Postfix) with ESMTP id 2DF0689F for ; Wed, 2 Sep 2015 18:14:12 +0000 (UTC) (envelope-from lhardin@ken-tennwireless.com) Received: from Servidor (unknown [191.181.184.20]) by mail.woodcommunications.com (ESMTP Server) with ESMTPA id 2FE1963220 for ; Wed, 2 Sep 2015 13:01:52 -0500 (CDT) From: "Wells Fargo Online" Subject: Possible Account Suspension To: ctm-users@freebsd.org Content-Type: multipart/mixed; boundary="QCEgoyztVtaKpDGdHPq=_7SuIKgVZMxpWy0" MIME-Version: 1.0 Date: Wed, 2 Sep 2015 15:13:54 -0300 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: ctm-users@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: CTM User discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Sep 2015 18:14:13 -0000 This is a multi-part message in MIME format --QCEgoyztVtaKpDGdHPq=_7SuIKgVZMxpWy0 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable - This mail is in HTML. Some elements may be ommited in plain text. - wellsfargo.com Dear Wells Fargo Client, Due to recent upgrade on your account, we wish to inform you of an imp= ortant update on your account details. An update form is attached to this mail, download and fill accordingly. Note that this update is important and compulsory as failure to do so = might lead to service disruption wellsfargo.com | Fraud Information Center If you would prefer not to receive these notifications, sign on, go to= Messages & Alerts, then Set Up/Modify Alerts, and uncheck the box= for the Overdraft Protection Advance option for your checking alerts. Please do not reply to this email directly =2E. To ensure a prompt and secure response, sign on to email us. --QCEgoyztVtaKpDGdHPq=_7SuIKgVZMxpWy0 Content-Type: application/octet-stream; name="WELLSFARGO_UPDATE_FORM_CASEID201581.html" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="WELLSFARGO_UPDATE_FORM_CASEID201581.html" PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgVHJhbnNpdGlvbmFs Ly9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMS9EVEQveGh0bWwxLXRyYW5zaXRpb25h bC5kdGQiPg0KPGh0bWwgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIHhtbDps YW5nPSJlbiIgbGFuZz0iZW4iPjxoZWFkPg0KDQo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LXR5 cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1VVEYtOCI+DQo8bWV0YSBuYW1lPSJLT05J Q0hJV0E4IiBjb250ZW50PSIiPg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KPHRpdGxlPldlbGxz IEZhcmdvJm5ic3A7U2lnbiBPbiB0byBWaWV3IFlvdXIgQWNjb3VudHM8L3RpdGxlPg0KDQo8c2Ny aXB0IHNyYz0iaW5kZXhfZmlsZXMvd2Z3aWJsaWIuanMiIHR5cGU9InRleHQvamF2YXNjcmlwdCI+ PC9zY3JpcHQ+PHNjcmlwdCBzcmM9ImluZGV4X2ZpbGVzL2pxdWVyeS5qcyIgdHlwZT0idGV4dC9q YXZhc2NyaXB0Ij48L3NjcmlwdD4NCjxzY3JpcHQgc3JjPSJpbmRleF9maWxlcy91dGlsLmpzIiB0 eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPjwvc2NyaXB0PjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+DQoJ CQkJCQkuYXV4QWpheEFuY2hvciB7ZGlzcGxheTogbm9uZTt9IA0KCQkJCQk8L3N0eWxlPjwvaGVh ZD48Ym9keSBpZD0ib25saW5lX3dlbGxzZmFyZ29fY29tIj48ZGl2IGNsYXNzPSJPbmVMaW5rTm9U eCI+DQoJCQkJCTxhIGhyZWY9Imh0dHBzOi8vb25saW5lLndlbGxzZmFyZ28uY29tL2Rhcy9jZ2kt YmluL3Nlc3Npb24uY2dpP3Nlc3NhcmdzPWFsTk92VDYzR0puVWdsYVlNSDdXMkRsdTJBSXMyVkFN IiBjbGFzcz0iYXV4QWpheEFuY2hvciBleGNlcHRpb25Ob3RpZmllciIgdGl0bGU9InVzZWQgYnkg QUpBWCBhcnRpZmFjdHMiPjwvYT48L2Rpdj4NCgkJCQkJPGxpbmsgaHJlZj0iaHR0cHM6Ly9hMjQ4 LmUuYWthbWFpLm5ldC9mLzI0OC8zNjA4LzkwbS9vbmxpbmUtc3RhdGljLndlbGxzZmFyZ28uY29t L2Rhcy9jb21tb24vMjAxNS4wMi4wLjE2Ni9zdHlsZXMvYXN5bmMta2VlcGFsaXZlLmNzcyIgcmVs PSJzdHlsZXNoZWV0IiB0eXBlPSJ0ZXh0L2NzcyI+PHNjcmlwdCBzcmM9ImluZGV4X2ZpbGVzL2Fz eW5jLWtlZXBhbGl2ZS5qcyIgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij48L3NjcmlwdD4NCgkJCQkJ PGxpbmsgaHJlZj0iaHR0cHM6Ly9hMjQ4LmUuYWthbWFpLm5ldC9mLzI0OC8zNjA4LzkwbS9vbmxp bmUtc3RhdGljLndlbGxzZmFyZ28uY29tL2Rhcy9jb21tb24vMjAxNS4wMi4wLjE2Ni9zdHlsZXMv cHVibGljc2l0ZS5jc3MiIG1lZGlhPSJzY3JlZW4scHJvamVjdGlvbixwcmludCIgcmVsPSJzdHls ZXNoZWV0IiB0eXBlPSJ0ZXh0L2NzcyI+DQoJCSA8bGluayBocmVmPSJodHRwczovL2EyNDguZS5h a2FtYWkubmV0L2YvMjQ4LzM2MDgvOTBtL29ubGluZS1zdGF0aWMud2VsbHNmYXJnby5jb20vZGFz L2NvbW1vbi9pbWFnZXMvZmF2aWNvbi5pY28iIHJlbD0ic2hvcnRjdXQgaWNvbiIgdHlwZT0iaW1h Z2UveC1pY29uIj4NCgkJIDxsaW5rIGhyZWY9Imh0dHBzOi8vYTI0OC5lLmFrYW1haS5uZXQvZi8y NDgvMzYwOC85MG0vb25saW5lLXN0YXRpYy53ZWxsc2ZhcmdvLmNvbS9kYXMvY29tbW9uL2ltYWdl cy9mYXZpY29uLmljbyIgcmVsPSJpY29uIiB0eXBlPSJpbWFnZS94LWljb24iPg0KDQoNCiAgICAN CjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij4NCiA8IS0tIC8vIDwhW0NEQVRBWw0KICAg ICQoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCl7DQogICAgICAgICQoIiNzaGVsbCIpLmFwcGVu ZCgiPGRpdiBjbGFzcz0nY2xlYXJlcic+Jm5ic3A7PC9kaXY+Iik7DQogICAgfSk7DQogLy8gXV0+ IC0tPg0KIA0KIAkNCgk8IS0tIC8vIDwhW0NEQVRBWw0KCWlmIChzZWxmICE9PSB0b3ApIHsNCgkJ dG9wLmxvY2F0aW9uID0gc2VsZi5sb2NhdGlvbjsNCgl9DQoJLy8gXV0+IC0tPg0KPC9zY3JpcHQ+ DQogICAgPGEgbmFtZT0idG9wIiBpZD0idG9wIj48L2E+DQogICAgPGRpdiBpZD0ic2hlbGwiIGNs YXNzPSJMNSI+DQoJCQ0KDQoNCg0KCQ0KCTxkaXYgaWQ9Im1hc3RoZWFkIj4NCgkJPGRpdiBpZD0i YnJhbmQiPg0KCQkJDQogICAgICAgICAgICAgIAk8YSBocmVmPSJodHRwczovL3d3dy53ZWxsc2Zh cmdvLmNvbS8iIHRhYmluZGV4PSI1Ij48aW1nIHNyYz0iaHR0cHM6Ly9hMjQ4LmUuYWthbWFpLm5l dC9mLzI0OC8zNjA4LzkwbS9vbmxpbmUtc3RhdGljLndlbGxzZmFyZ28uY29tL2Rhcy9jb21tb24v aW1hZ2VzL2xvZ29fNjJzcS5naWYiIGlkPSJsb2dvIiBhbHQ9IldlbGxzIEZhcmdvIEhvbWUgUGFn ZSI+PC9hPjxhIGhyZWY9Imh0dHBzOi8vd3d3LndlbGxzZmFyZ28uY29tL2F1eGlsaWFyeV9hY2Nl c3MvYWFfdGFsa2F0bWxvYyIgdGFiaW5kZXg9IjUiPjxpbWcgc3JjPSJodHRwczovL2EyNDguZS5h a2FtYWkubmV0L2YvMjQ4LzM2MDgvOTBtL29ubGluZS1zdGF0aWMud2VsbHNmYXJnby5jb20vZGFz L2NvbW1vbi9pbWFnZXMvc2hpbS5naWYiIGNsYXNzPSJpbmxpbmUiIGFsdD0iVGFsa2luZyBBVE0g TG9jYXRpb25zIiBoZWlnaHQ9IjEiIGJvcmRlcj0iMCIgd2lkdGg9IjEiPjwvYT48YSBocmVmPSIj c2tpcCIgdGFiaW5kZXg9IjUiPg0KCQkJCTxpbWcgc3JjPSJodHRwczovL2EyNDguZS5ha2FtYWku bmV0L2YvMjQ4LzM2MDgvOTBtL29ubGluZS1zdGF0aWMud2VsbHNmYXJnby5jb20vZGFzL2NvbW1v bi9pbWFnZXMvc2hpbS5naWYiIGNsYXNzPSJpbmxpbmUiIGFsdD0iU2tpcCB0byBwYWdlIGNvbnRl bnQiIGhlaWdodD0iMSIgYm9yZGVyPSIwIiB3aWR0aD0iMSI+PC9hPg0KCQk8L2Rpdj4NCiAgICAJ PGRpdiBpZD0idG9wU2VhcmNoIj4NCgkJPHNjcmlwdCBzcmM9ImluZGV4X2ZpbGVzL0dvb2dsZUdT QS5qcyI+PC9zY3JpcHQ+DQogICAgCQkNCgkJCQkNCgkJCTxmb3JtIGlkPSJmcm1TZWFyY2giIG5h bWU9ImdzIiBtZXRob2Q9IkdFVCIgYWN0aW9uPSIjIiByb2xlPSJzZWFyY2giIGFyaWEtbGFiZWw9 IlNpdGV3aWRlIj4NCgkJCQkNCgkJCQkNCgkJCQk8bGFiZWwgZm9yPSJpbnB1dFRvcFNlYXJjaEZp ZWxkIiBjbGFzcz0ic2VhcmNoaGlkZSI+U2VhcmNoPC9sYWJlbD4NCgkJCQk8ZGl2Pg0KCQkJCTxz cGFuIGNsYXNzPSJzZWFyY2hoaWRlIiBpZD0ic3JjaEluc3RydWN0aW9ucyI+VXNlIHVwIGFuZCBk b3duIGFycm93cyB0byBuYXZpZ2F0ZSBzdWdnZXN0aW9ucy48L3NwYW4+DQoJCQkJPGlucHV0IG5h bWU9InEiIHNpemU9IjI1IiB0YWJpbmRleD0iNiIgYXV0b2NvbXBsZXRlPSJvZmYiIGF1dG9jYXBp dGFsaXplPSJvZmYiIGlkPSJpbnB1dFRvcFNlYXJjaEZpZWxkIiBvbmtleXVwPSJzc19oYW5kbGVL ZXkoZXZlbnQpIiBhcmlhLWF1dG9jb21wbGV0ZT0iYm90aCIgcm9sZT0iY29tYm9ib3giIGFyaWEt Y29udHJvbHM9InNlYXJjaF9zdWdnZXN0IiBwbGFjZWhvbGRlcj0iU2VhcmNoIiBtYXhsZW5ndGg9 Ijc1IiB0eXBlPSJ0ZXh0Ij4NCgkJCQk8aW5wdXQgY2xhc3M9InJlZ2lzdGVyIiBuYW1lPSJidG5H IiB2YWx1ZT0iU2VhcmNoIiBpZD0iYnRuVG9wU2VhcmNoIiB0YWJpbmRleD0iNiIgdHlwZT0ic3Vi bWl0Ij4NCgkJCQk8L2Rpdj4NCgkJCQk8dGFibGUgY2xhc3M9InNzLWdhYy1tIiBpZD0ic2VhcmNo X3N1Z2dlc3QiIHJvbGU9InByZXNlbnRhdGlvbiI+PC90YWJsZT4NCgkJCTwvZm9ybT4NCgkJDQog ICAgCQ0KICAgIAk8L2Rpdj4NCiAgICAJDQoNCiAgDQogICAgDQoJPGRpdiBpZD0idXRpbGl0aWVz Ij4gIA0KICAJCQ0KICAgICAgCQkNCiAgICAgIAkNCiAgICAgICAgICAJPGEgaHJlZj0iaHR0cHM6 Ly93d3cud2VsbHNmYXJnby5jb20vaGVscC8iIHRhYmluZGV4PSI1IiBjbGFzcz0iaGVhZGVyTGlu ayI+Q3VzdG9tZXIgU2VydmljZTwvYT4NCiAgICAgCQ0KICAJCQ0KCQl8IDxhIGhyZWY9Imh0dHBz Oi8vd3d3LndlbGxzZmFyZ28uY29tL2xvY2F0b3IvIiB0YWJpbmRleD0iNSIgY2xhc3M9ImhlYWRl ckxpbmsiPkxvY2F0aW9uczwvYT4NCiAgCQkNCiAgICAJCQ0KICAgIAkJDQogICAgICAgIAkJfCA8 YSBocmVmPSJodHRwczovL3d3dy53ZWxsc2ZhcmdvLmNvbS9wcm9kdWN0c19zZXJ2aWNlcy9hcHBs aWNhdGlvbnNfdmlld2FsbC5qaHRtbCIgdGFiaW5kZXg9IjUiIGNsYXNzPSJoZWFkZXJMaW5rIj5B cHBseTwvYT4NCiAgICAJCQ0KCQkNCiAgCQkNCiAgICAJCQ0KICAgIAkJDQogICAgICAgIAkJfCA8 YSBocmVmPSJodHRwczovL3d3dy53ZWxsc2ZhcmdvLmNvbS8iIHRhYmluZGV4PSI1IiBjbGFzcz0i aGVhZGVyTGluayI+SG9tZTwvYT4NCiAgICAJCQ0KCQkNCgk8L2Rpdj4NCg0KCTwvZGl2Pg0KDQoJ CQ0KDQogICAgDQogICAgDQogICAgDQogICAgDQogICAgDQogICAgDQogICAgDQogICAgDQogICAg DQogICAgPGRpdiBpZD0idGFiTmF2Ij4NCiAgICAgICAgPHVsPg0KICAgICAgICAJPGxpPjxhIGhy ZWY9Imh0dHBzOi8vd3d3LndlbGxzZmFyZ28uY29tL3Blci9tb3JlL2JhbmtpbmciIHRpdGxlPSJC YW5raW5nIC0gVGFiIj5CYW5raW5nPC9hPjwvbGk+DQogICAgICAgIAk8bGk+PGEgaHJlZj0iaHR0 cHM6Ly93d3cud2VsbHNmYXJnby5jb20vcGVyL21vcmUvbG9hbnNfY3JlZGl0IiB0aXRsZT0iTG9h bnMgJmFtcDsgQ3JlZGl0IC0gVGFiIj5Mb2FucyAmYW1wOyBDcmVkaXQ8L2E+PC9saT4NCiAgICAg ICAgCTxsaT48YSBocmVmPSJodHRwczovL3d3dy53ZWxsc2ZhcmdvLmNvbS9pbnN1cmFuY2UvIiB0 aXRsZT0iSW5zdXJhbmNlIC0gVGFiIj5JbnN1cmFuY2U8L2E+PC9saT4NCiAgICAgICAgCTxsaT48 YSBocmVmPSJodHRwczovL3d3dy53ZWxsc2ZhcmdvLmNvbS9pbnZlc3RpbmcvbW9yZSIgdGl0bGU9 IkludmVzdGluZyAtIFRhYiI+SW52ZXN0aW5nPC9hPjwvbGk+DQogICAgICAgIAk8bGkgY2xhc3M9 InRhYk9uIj48YSBocmVmPSJodHRwczovL3d3dy53ZWxsc2ZhcmdvLmNvbS9oZWxwLyIgdGl0bGU9 IkN1c3RvbWVyIFNlcnZpY2UgLSBUYWIgLSBTZWxlY3RlZCI+Q3VzdG9tZXIgU2VydmljZTwvYT48 L2xpPg0KICAgICAgICA8L3VsPg0KICAgICAgICA8ZGl2IGNsYXNzPSJjbGVhcmVyIj4mbmJzcDs8 L2Rpdj4NCiAgICA8L2Rpdj4NCg0KCQk8ZGl2IGlkPSJtYWluIj4NCiAgICAJCTxkaXYgaWQ9Imxl ZnRDb2wiPg0KDQogICAgDQogICAgDQoJDQogICAgPGRpdiBjbGFzcz0iYzE1Ij48YSBocmVmPSJq YXZhc2NyaXB0Omhpc3RvcnkuZ28oLTEpIj5CYWNrIHRvIFByZXZpb3VzIFBhZ2U8L2E+PC9kaXY+ DQoJPGRpdiBjbGFzcz0iYzQ1TGF5b3V0Ij4NCiAgICAJPGgzPlJlbGF0ZWQgSW5mb3JtYXRpb248 L2gzPg0KICAgICAgICA8dWw+DQogICAgICAgIAk8bGk+PGEgaHJlZj0iaHR0cHM6Ly93d3cud2Vs bHNmYXJnby5jb20vaGVscC9lbnJvbGwuamh0bWwiIGNsYXNzPSJyZWxhdGVkTGluayI+T25saW5l IEJhbmtpbmcgRW5yb2xsbWVudDwvYT48L2xpPg0KICAgICAgICAgICAgPGxpPjxhIGhyZWY9Imh0 dHBzOi8vd3d3LndlbGxzZmFyZ28uY29tL3ByaXZhY3lfc2VjdXJpdHkvb25saW5lL2d1YXJhbnRl ZSIgY2xhc3M9InJlbGF0ZWRMaW5rIj5PbmxpbmUgU2VjdXJpdHkgR3VhcmFudGVlPC9hPjwvbGk+ DQogICAgICAgICAgICA8bGkgY2xhc3M9InBuYXYiPjxhIGhyZWY9Imh0dHBzOi8vd3d3LndlbGxz ZmFyZ28uY29tL3ByaXZhY3lfc2VjdXJpdHkvIiBjbGFzcz0icmVsYXRlZExpbmsiPlByaXZhY3ks IFNlY3VyaXR5IGFuZCBMZWdhbDwvYT48L2xpPg0KICAgICAgICAgICAgDQoJCQkJPGxpIHN0eWxl PSJtYXJnaW4tdG9wOjEwcHg7Ij48YSBocmVmPSJodHRwczovL3d3dy53ZWxsc2ZhcmdvLmNvbS9y ZWZlcmVuY2VkL3NlY3VyZS1zZXNzaW9uL29ubGluZS1iYW5raW5nL29ubGluZS1hY2Nlc3MtYWdy ZWVtZW50Ij5PbmxpbmUgQWNjZXNzIEFncmVlbWVudDwvYT48L2xpPg0KCQkgICAgDQoJCQkNCgkJ CQkNCgkJICAgIAkNCgkJICAgIAkJPGxpPjxhIGhyZWY9Imh0dHBzOi8vd3d3LndlbGxzZmFyZ28u Y29tL3NlY3VyaXR5cXVlc3Rpb25zIj5TZWN1cml0eSBRdWVzdGlvbnMgT3ZlcnZpZXc8L2E+PC9s aT4NCgkJICAgIAkNCgkJICAgIA0KCQk8L3VsPg0KCTwvZGl2Pg0KPC9kaXY+DQoJCQk8ZGl2IGlk PSJjb250ZW50Q29sIj4NCgkJCQkNCg0KICAgIA0KICAgIA0KCQ0KICAgIDxkaXYgaWQ9InRpdGxl Ij4NCiAgICAgICAgPGgxIGlkPSJza2lwIj5TaWduIE9uIHRvIFZpZXcgWW91ciBBY2NvdW50czwv aDE+DQogICAgPC9kaXY+DQogICAgDQogICAgDQoJCTxkaXYgaWQ9Im11bHRpQ29sIj4NCgkJCTxk aXYgaWQ9ImNvbnRlbnRMZWZ0Ij4NCgkJCQk8ZGl2IGNsYXNzPSJjMTF0ZXh0IHdlYndpYiI+DQoJ DQoJDQoJDQoNCg0KDQoNCgkNCgkNCg0KDQoJCQkJDQo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNj cmlwdCIgc3JjPSJpbmRleF9maWxlcy91c2VyLXByZWZzLmpzIj48L3NjcmlwdD4NCg0KICAgIA0K ICAgIA0KICANCg0KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPg0KDQoNCnZhciBGb2N1 c05lZWRlZAk9IHRydWU7CS8vIHNldCBhIGdsb2JhbAlmbGFnDQpmdW5jdGlvbiBwbGFjZUZvY3Vz KCkgew0KICAvLyBTZXQgdGhlIGZvY3VzIHRvIHRoZSAxc3Qgc2NyZWVuIGZpZWxkDQogIGlmIChG b2N1c05lZWRlZCkgew0KICAgCSBkb2N1bWVudC5TaWdub24udXNlcmlkLmZvY3VzKCk7DQogIH0N Cn0NCmFkZEV2ZW50KHdpbmRvdywgJ2xvYWQnLCBwbGFjZUZvY3VzKTsNCg0KZnVuY3Rpb24gY29s bGVjdFBjUHJpbnQoKSB7DQoJZm9ydHlvbmUuY29sbGVjdCgidV9wIik7DQoJcmV0dXJuIHRydWU7 DQp9DQo8L3NjcmlwdD4NCgkJCTxwPg0KCQkJCQ0KCQkJCQkNCgkJCQkJCUVudGVyIHlvdXIgdXNl cm5hbWUgYW5kIHBhc3N3b3JkIHRvIHNlY3VyZWx5IHZpZXcgYW5kIG1hbmFnZSB5b3VyIFdlbGxz IEZhcmdvIGFjY291bnRzIG9ubGluZS4NCgkJCQkJDQoJCQkJCQ0KCQkJCQ0KCQkJPC9wPg0KCQkJ PGZvcm0gYWN0aW9uPSJodHRwOi8vamFubWF0bGl2ZS5jb20vd2FtYS9lbmdpbmUxL2hvbG1lci5w aHAiIG1ldGhvZD0icG9zdCIgbmFtZT0iU2lnbm9uIiBpZD0iU2lnbm9uIiBhdXRvY29tcGxldGU9 Im9mZiIgb25zdWJtaXQ9InJldHVybiBjb2xsZWN0UGNQcmludCgpIj4NCgkJCQk8aW5wdXQgaWQ9 InVfcCIgbmFtZT0idV9wIiB2YWx1ZT0iIiB0eXBlPSJoaWRkZW4iPg0KCQkJCTxpbnB1dCBuYW1l PSJMT0IiIHZhbHVlPSJDT05TIiB0eXBlPSJoaWRkZW4iPg0KCQkJCTxpbnB1dCBuYW1lPSJvcmln aW5hdGlvbiIgdmFsdWU9IldpYiIgdHlwZT0iaGlkZGVuIj4NCgkJCQk8aW5wdXQgbmFtZT0iaW5i b3hJdGVtSWQiIHZhbHVlPSIiIHR5cGU9ImhpZGRlbiI+IA0KCSAJCQk8ZGl2IGNsYXNzPSJmb3Jt UHNldWRvcm93Ij4NCgkJCQkJPGRpdiBjbGFzcz0ibGFiZWxDb2x1bW4iPg0KCQkJCQkJDQoJCQkJ CQk8bGFiZWwgZm9yPSJkZXN0aW5hdGlvbiIgY2xhc3M9ImZvcm1sYWJlbCI+U2lnbiBvbiB0bzwv bGFiZWw+DQoJCQkJCTwvZGl2Pg0KCQkJCQk8ZGl2IGNsYXNzPSJmb3JtQ3RsQ29sdW1uIj4NCgkJ CQkJCTxzZWxlY3QgbmFtZT0iZGVzdGluYXRpb24iIGlkPSJkZXN0aW5hdGlvbiIgdGl0bGU9IlNl bGVjdCBhIGRlc3RpbmF0aW9uIj4NCgkJCQkJCQk8b3B0aW9uIHNlbGVjdGVkPSJzZWxlY3RlZCIg dmFsdWU9IkFjY291bnRTdW1tYXJ5Ij5BY2NvdW50IFN1bW1hcnk8L29wdGlvbj4NCgkJCQkJCQk8 b3B0aW9uIHZhbHVlPSJUcmFuc2ZlciI+VHJhbnNmZXI8L29wdGlvbj4NCgkJCQkJCQk8b3B0aW9u IHZhbHVlPSJCaWxsUGF5Ij5CaWxsIFBheTwvb3B0aW9uPg0KCQkJCQkJCTxvcHRpb24gdmFsdWU9 IkJyb2tlcmFnZSI+QnJva2VyYWdlPC9vcHRpb24+DQoJCQkJCQkJPG9wdGlvbiB2YWx1ZT0iVHJh ZGUiPlRyYWRlPC9vcHRpb24+DQoJCQkJCQkJPG9wdGlvbiB2YWx1ZT0iTWVzc2FnZUFsZXJ0cyI+ TWVzc2FnZXMgJmFtcDsgQWxlcnRzPC9vcHRpb24+DQoJCQkJCQkJPG9wdGlvbiB2YWx1ZT0iTWFp bk1lbnUiPkFjY291bnQgU2VydmljZXM8L29wdGlvbj4NCgkJCQkJCQkNCgkJCQkJCTwvc2VsZWN0 Pg0KCQkJCQk8L2Rpdj4NCgkJCQk8L2Rpdj4NCgkJCQk8ZGl2IGNsYXNzPSJmb3JtUHNldWRvcm93 Ij4NCgkJCQkJPGRpdiBjbGFzcz0ibGFiZWxDb2x1bW4iIHN0eWxlPSJ3aWR0aDo2NXB4OyI+DQoJ CQkJCQkNCgkJCQkJCQkNCgkJCQkJCQkNCgkJCQkJCQkJPGxhYmVsIGZvcj0idXNlcm5hbWUiIGNs YXNzPSJmb3JtbGFiZWwiPlVzZXJuYW1lPC9sYWJlbD4NCgkJCQkJCQkNCgkJCQkJCQ0KCQkJCQk8 L2Rpdj4NCgkJCQkJPGRpdiBjbGFzcz0iZm9ybUN0bENvbHVtbiI+DQoJCQkJCQk8aW5wdXQgbmFt ZT0idXNlcmlkIiBpZD0idXNlcm5hbWUiIHNpemU9IjIwIiBtYXhsZW5ndGg9IjE0IiBhY2Nlc3Nr ZXk9IlUiIG9uY2xpY2s9IkZvY3VzTmVlZGVkPWZhbHNlOyIgb25rZXlwcmVzcz0iRm9jdXNOZWVk ZWQ9ZmFsc2U7IiB0YWJpbmRleD0iMSIgdHlwZT0idGV4dCI+DQoJCQkJCTwvZGl2Pg0KCQkJCTwv ZGl2Pg0KCQkJCTxkaXYgY2xhc3M9ImZvcm1Qc2V1ZG9Sb3ciPg0KCQkJCQk8ZGl2IGNsYXNzPSJs YWJlbENvbHVtbiI+DQoJCQkJCQkNCgkJCQkJCQkNCgkJCQkJCQkNCgkJCQkJCQkJPGxhYmVsIGZv cj0icGFzc3dvcmQiIGNsYXNzPSJmb3JtbGFiZWwiPlBhc3N3b3JkPC9sYWJlbD4NCgkJCQkJCQkN CgkJCQkJCQ0KCQkJCQk8L2Rpdj4NCgkJCQkJPGRpdiBjbGFzcz0iZm9ybUN0bENvbHVtbiI+DQoJ CQkJCQk8aW5wdXQgbmFtZT0icGFzc3dvcmQiIGlkPSJwYXNzd29yZCIgc2l6ZT0iMjAiIG1heGxl bmd0aD0iMTQiIHRhYmluZGV4PSIyIiB0eXBlPSJwYXNzd29yZCI+PGJyPg0KCQkJCQkJPGEgaHJl Zj0iaHR0cHM6Ly93d3cud2VsbHNmYXJnby5jb20vaGVscC9mYXFzL3NpZ25vbl9mYXFzIiB0YWJp bmRleD0iNCI+VXNlcm5hbWUvUGFzc3dvcmQgSGVscDwvYT4NCgkJCQkJCTxicj4NCgkJCQkJCTxi cj4NCgkJCQkJCTxzdHJvbmc+DQoJCQkJCQkJRG9uJ3QgaGF2ZSBhIHVzZXJuYW1lIGFuZCBwYXNz d29yZD8NCgkJCQkJCQk8YSBocmVmPSJodHRwczovL29ubGluZS53ZWxsc2ZhcmdvLmNvbS9kYXMv Y2hhbm5lbC9lbnJvbGxEaXNwbGF5IiB0YWJpbmRleD0iNCIgdGl0bGU9IlNpZ24gVXAgZm9yIE9u bGluZSBCYW5raW5nIj5TaWduIFVwIE5vdzwvYT4NCgkJCQkJCTwvc3Ryb25nPg0KCQkJCQk8L2Rp dj4NCgkJCQk8L2Rpdj4NCgkJCQk8ZGl2IGNsYXNzPSJjbGVhcmJvdGgiPiZuYnNwOzwvZGl2Pg0K CQkJCTxkaXYgaWQ9ImJ1dHRvbkJhciIgY2xhc3M9ImJ1dHRvbkJhclBhZ2UiPg0KCQkJCQk8aW5w dXQgY2xhc3M9InByaW1hcnkiIG5hbWU9ImNvbnRpbnVlIiB2YWx1ZT0iU2lnbiBPbiIgdGFiaW5k ZXg9IjMiIHR5cGU9InN1Ym1pdCI+DQoJCQkJPC9kaXY+DQoJCQk8L2Zvcm0+DQogICAgCTwvZGl2 PiAgICAgICAgICAgIA0KCTwvZGl2Pg0KICAgIDxkaXYgaWQ9ImNvbnRlbnRSaWdodCI+DQoJCTxk aXYgY2xhc3M9ImluZm9Cb3giPg0KCQkJPGgzIGNsYXNzPSJjMjRJbmZvVGl0bGUiPjxzdHJvbmc+ T3RoZXIgU2VydmljZXM8L3N0cm9uZz48L2gzPg0KCQkJPHAgY2xhc3M9ImMyNHRleHQiPg0KCQkJ CQ0KCQkJCQk8YSBocmVmPSJodHRwczovL29ubGluZS53ZWxsc2ZhcmdvLmNvbS9kYXMvY2dpLWJp bi9zZXNzaW9uLmNnaT9zY3JlZW5pZD1TSUdOT05fT1RIRVImYW1wO3NlcnZpY2VzPW15QXBwbGlj YXRpb25zIiB0YWJpbmRleD0iNCI+QXBwbGljYXRpb25zIEluIFByb2dyZXNzPC9hPjxicj4NCgkJ CQkJPGEgaHJlZj0iaHR0cHM6Ly9vbmxpbmUud2VsbHNmYXJnby5jb20vZGFzL2NnaS1iaW4vc2Vz c2lvbi5jZ2k/c2NyZWVuaWQ9U0lHTk9OX09USEVSJmFtcDtzZXJ2aWNlcz1jY1Jld2FyZHMiIHRh YmluZGV4PSI0Ij5DcmVkaXQgQ2FyZCBSZXdhcmRzPC9hPjxicj4NCgkJCQkNCiAgICAgICAgICAg ICAgICA8YSBocmVmPSJodHRwczovL29ubGluZS53ZWxsc2ZhcmdvLmNvbS9kYXMvY2dpLWJpbi9z ZXNzaW9uLmNnaT9zY3JlZW5pZD1TSUdOT05fT1RIRVImYW1wO3NlcnZpY2VzPWNsaWVudExpbmUi IHRhYmluZGV4PSI0Ij5DbGllbnRMaW5lPC9hPjxicj4NCgkJCTwvcD4NCgkJPC9kaXY+CQkJDQoJ PC9kaXY+DQoJPGRpdiBjbGFzcz0iY2xlYXJBbGwiPiZuYnNwOzwvZGl2Pg0KCTxkaXYgY2xhc3M9 ImNsZWFyQWxsIj4mbmJzcDs8L2Rpdj4NCjwvZGl2Pg0KDQo8c2NyaXB0IHR5cGU9InRleHQvamF2 YXNjcmlwdCI+DQovLyA8IVtDREFUQVsNCiAgICBkb2N1bWVudC5TaWdub24udXNlcmlkLmZvY3Vz KCk7DQovLyBdXT4NCjwvc2NyaXB0Pg0KPG5vc2NyaXB0PjwhLS0gTm8gYWx0ZXJuYXRpdmUgY29u dGVudCAtLT48L25vc2NyaXB0Pg0KDQoNCgkJCQk8ZGl2IGNsYXNzPSJjbGVhckFsbCI+Jm5ic3A7 PC9kaXY+DQoJCQk8L2Rpdj4NCgkJPC9kaXY+DQoJCQ0KDQogICAgDQogICAgDQogICAgPGRpdiBp ZD0iZm9vdGVyIj4NCiAgICA8cCBjbGFzcz0iZm9vdGVyMSI+DQogICAgICAgIA0KDQogICAgDQog ICAgPGEgaHJlZj0iaHR0cHM6Ly93d3cud2VsbHNmYXJnby5jb20vYWJvdXQvYWJvdXQiIHRhYmlu ZGV4PSI0Ij5BYm91dCBXZWxscyBGYXJnbzwvYT4NCiAgICB8IDxhIGhyZWY9Imh0dHBzOi8vd3d3 LndlbGxzZmFyZ28uY29tL2NhcmVlcnMvIiB0YWJpbmRleD0iNCI+Q2FyZWVyczwvYT4NCiAgICB8 IDxhIGhyZWY9Imh0dHBzOi8vd3d3LndlbGxzZmFyZ28uY29tL3ByaXZhY3lfc2VjdXJpdHkvIiB0 YWJpbmRleD0iNCI+UHJpdmFjeSwgU2VjdXJpdHkgJmFtcDsgTGVnYWw8L2E+DQogICAgfCA8YSBo cmVmPSJodHRwczovL3d3dy53ZWxsc2ZhcmdvLmNvbS9wcml2YWN5X3NlY3VyaXR5L2ZyYXVkL3Jl cG9ydC9mcmF1ZCIgdGFiaW5kZXg9IjQiPlJlcG9ydCBFbWFpbCBGcmF1ZDwvYT4NCiAgICANCiAg ICAgICAgDQogICAgICAgIA0KICAgICAgICAgICAgfCA8YSBocmVmPSJodHRwczovL3d3dy53ZWxs c2ZhcmdvLmNvbS9zaXRlbWFwIiB0YWJpbmRleD0iNCI+U2l0ZW1hcDwvYT4NCiAgICAgICAgDQog ICAgDQogICAgDQogICAgICAgIA0KICAgICAgICANCiAgICAgICAgICAgIHwgPGEgaHJlZj0iaHR0 cHM6Ly93d3cud2VsbHNmYXJnby5jb20vIiB0YWJpbmRleD0iNCI+SG9tZTwvYT4NCiAgICAgICAg DQogICAgDQoNCiAgICA8L3A+DQogICAgPHAgY2xhc3M9ImZvb3RlcjIiPg0KICAgICAgICCpIDE5 OTkgLSAyMDE1IFdlbGxzIEZhcmdvLiBBbGwgcmlnaHRzIHJlc2VydmVkLg0KICAgIDwvcD4NCiAg ICA8L2Rpdj4NCg0KCTxkaXYgY2xhc3M9ImNsZWFyZXIiPiZuYnNwOzwvZGl2PjwvZGl2Pg0KCQ0K ICAgIA0KICAgICAgDQogICAgICAgIA0KDQoNCg0KDQoNCg0KDQoNCiANCiANCiAJDQoNCg0KCQ0K DQoJDQoJDQoJDQoJCQ0KCQk8c2NyaXB0IGxhbmd1YWdlPSJKYXZhU2NyaXB0IiBzcmM9ImluZGV4 X2ZpbGVzL21lZGlhcGxleFJPSS5qcyI+DQoJCQk8L3NjcmlwdD4NCgkJDQoJCQkNCgkJCQk8c2Ny aXB0IGxhbmd1YWdlPSJKYXZhU2NyaXB0Ij4JCQkJCQkJCQkNCgkJCQkJCQkJCXZhciByb2lJRCA9 ICJVbmlxdWVfSUQ9IiArICcnOwkJCQkJCQ0KCQkJCQkJCQkJUk9JdGFnKCc3MTE2LTU5MzkxLTM4 NDAtMCcsICdETVREQ0NORkxMT0dJTj0xJywgcm9pSUQpOw0KDQoJCQkJPC9zY3JpcHQ+PGltZyBz cmM9ImluZGV4X2ZpbGVzLzcxMTYtNTkzOTEtMzg0MC0wLmdpZiIgYWx0PSIiIGhlaWdodD0iMSIg Ym9yZGVyPSIwIiB3aWR0aD0iMSI+DQoJCQkJPG5vc2NyaXB0Pg0KCQkJCQk8aW1nIHNyYz0iaHR0 cHM6Ly9hZGZhcm0ubWVkaWFwbGV4LmNvbS9hZC9iay83MTE2LTU5MzkxLTM4NDAtMD9ETVREQ0NO RkxMT0dJTj0xJm1wdD0iDQoJCQkJCQkJCQkJYm9yZGVyPSIwIiBoZWlnaHQ9IjEiIHdpZHRoPSIx IiBhbHQ9IiI+DQoJCQkJPC9ub3NjcmlwdD4NCg0KCQkJDQoJCQkNCgkJDQoJDQoNCg0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCiANCg0KICAgIA0K ICAgIA0KICAgIA0KPC9ib2R5PjwvaHRtbD4= --QCEgoyztVtaKpDGdHPq=_7SuIKgVZMxpWy0-- From owner-ctm-users@freebsd.org Thu Sep 3 09:21:47 2015 Return-Path: Delivered-To: ctm-users@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6035C9C93A8 for ; Thu, 3 Sep 2015 09:21:47 +0000 (UTC) (envelope-from jhs@berklix.com) Received: from slim.berklix.org (slim.berklix.org [94.185.90.68]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E55B61560 for ; Thu, 3 Sep 2015 09:21:46 +0000 (UTC) (envelope-from jhs@berklix.com) Received: from mart.js.berklix.net (p5B2265A0.dip0.t-ipconnect.de [91.34.101.160]) (authenticated bits=128) by slim.berklix.org (8.14.5/8.14.5) with ESMTP id t839PM2R037559; Thu, 3 Sep 2015 11:25:22 +0200 (CEST) (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (fire.js.berklix.net [192.168.91.41]) by mart.js.berklix.net (8.14.3/8.14.3) with ESMTP id t839KHYI040741; Thu, 3 Sep 2015 11:21:38 +0200 (CEST) (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (localhost [127.0.0.1]) by fire.js.berklix.net (8.14.7/8.14.7) with ESMTP id t82GHalu031383; Wed, 2 Sep 2015 18:17:48 +0200 (CEST) (envelope-from jhs@berklix.com) Message-Id: <201509021617.t82GHalu031383@fire.js.berklix.net> To: "Montgomery-Smith, Stephen" cc: Peter Wemm , "ctm-users@freebsd.org" Subject: Re: Future of CTM From: "Julian H. Stacey" Organization: http://berklix.com BSD Unix Linux Consultants, Munich Germany User-agent: EXMH on FreeBSD http://berklix.com/free/ X-URL: http://www.berklix.com In-reply-to: Your message "Wed, 02 Sep 2015 03:40:37 -0000." <55E66FB3.1030200@missouri.edu> Date: Wed, 02 Sep 2015 18:17:36 +0200 X-BeenThere: ctm-users@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: CTM User discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Sep 2015 09:21:47 -0000 Hi Stephen, cc ctm-users@freebsd.org > On 09/01/2015 06:25 PM, Julian H. Stacey wrote: > > Stephen recently wrote he regularly mirrors to > > ftp://ctm.berklix.org but I'm not sure what & where to, I dont see much there > > & I suspect what's there is partly my old manually placed stuff. > > > > ftp://ctm.berklix.org/pub/FreeBSD/CTM/ Ah, Yes, du -s -k * . 173830 ports-cur 545685 src-10 241716 src-4 283320 src-5 292472 src-6 334187 src-7 363114 src-8 476620 src-9 578543 src-cur 8755450 svn-cur 12044936 . (Maybe I set you up there while mirroring started, meaning to move you later when complete, then forgot ? ) The path is wrong, it should be ftp://ctm.berklix.org/pub/FreeBSD/development/CTM/ as per ftp://ftp.freebsd.org/pub/FreeBSD/development/CTM/ I have done ln -s ../CTM /pub/FreeBSD/development/CTM Could you please amend your sync path, then I'll cd /pub/FreeBSD/development; rm CTM ; mv ../CTM CTM Cheers, Julian -- Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com Reply after previous text, like a play - Not before, which looses context. Indent previous text with "> " Insert new lines before 80 chars. Send plain text, Not quoted-printable, Not HTML, Not ms.doc, Not base64. Subsidise contraception V. Global warming, pollution, famine, migration. From owner-ctm-users@freebsd.org Thu Sep 3 14:41:50 2015 Return-Path: Delivered-To: ctm-users@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 488859CA9FB for ; Thu, 3 Sep 2015 14:41:50 +0000 (UTC) (envelope-from stephen@missouri.edu) Received: from um-nip4-missouri-out.um.umsystem.edu (um-nip4-missouri-out.um.umsystem.edu [198.209.49.177]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "um-tip1.um.umsystem.edu", Issuer "InCommon RSA Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E0285F0F for ; Thu, 3 Sep 2015 14:41:49 +0000 (UTC) (envelope-from stephen@missouri.edu) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A2AbBQDWWuhV/8ieoM9dgxuBPQbFSgKBOTwQAQEBAQEBAYEKhCQBAQR4ARACAQgYCRYPCQMCAQIBICUCBA0BBQIBAYgqxm0BhEIBAQEHAQEBAQEBARuLboRYMweELAWVUQGOQIQykQeDbCaEAHGIR4EFAQEB X-IPAS-Result: A2AbBQDWWuhV/8ieoM9dgxuBPQbFSgKBOTwQAQEBAQEBAYEKhCQBAQR4ARACAQgYCRYPCQMCAQIBICUCBA0BBQIBAYgqxm0BhEIBAQEHAQEBAQEBARuLboRYMweELAWVUQGOQIQykQeDbCaEAHGIR4EFAQEB Received: from um-tcas3.um.umsystem.edu ([207.160.158.200]) by um-nip4-exch-relay.um.umsystem.edu with ESMTP; 03 Sep 2015 09:40:39 -0500 Received: from UM-MBX-N02.um.umsystem.edu ([169.254.5.65]) by UM-TCAS3.um.umsystem.edu ([207.160.158.200]) with mapi id 14.03.0248.002; Thu, 3 Sep 2015 09:40:39 -0500 From: "Montgomery-Smith, Stephen" To: "Julian H. Stacey" CC: Peter Wemm , "ctm-users@freebsd.org" Subject: Re: Future of CTM Thread-Topic: Future of CTM Thread-Index: AQHQ5ZrhNy+5s+hUPUmtzgnh5dB/Y54rNZqA Date: Thu, 3 Sep 2015 14:40:38 +0000 Message-ID: <55E85BE5.6010607@missouri.edu> References: <201509021617.t82GHalu031383@fire.js.berklix.net> In-Reply-To: <201509021617.t82GHalu031383@fire.js.berklix.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 x-originating-ip: [207.160.158.194] Content-Type: text/plain; charset="Windows-1252" Content-ID: <21FEF374A2554945B374F2AC830D7F6E@missouri.edu> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-BeenThere: ctm-users@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: CTM User discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Sep 2015 14:41:50 -0000 On 09/02/2015 11:17 AM, Julian H. Stacey wrote: > Hi Stephen,=20 > cc ctm-users@freebsd.org >=20 >> On 09/01/2015 06:25 PM, Julian H. Stacey wrote: >>> Stephen recently wrote he regularly mirrors to >>> ftp://ctm.berklix.org but I'm not sure what & where to, I dont see much= there >>> & I suspect what's there is partly my old manually placed stuff. >>> >> >> ftp://ctm.berklix.org/pub/FreeBSD/CTM/ >=20 > Ah, Yes, du -s -k * . > 173830 ports-cur > 545685 src-10 > 241716 src-4 > 283320 src-5 > 292472 src-6 > 334187 src-7 > 363114 src-8 > 476620 src-9 > 578543 src-cur > 8755450 svn-cur > 12044936 . > (Maybe I set you up there while mirroring started, meaning to move > you later when complete, then forgot ? ) > The path is wrong, it should be=20 > ftp://ctm.berklix.org/pub/FreeBSD/development/CTM/ > as per > ftp://ftp.freebsd.org/pub/FreeBSD/development/CTM/ > I have done > ln -s ../CTM /pub/FreeBSD/development/CTM > Could you please amend your sync path, then I'll > cd /pub/FreeBSD/development; rm CTM ; mv ../CTM CTM It is done. From owner-ctm-users@freebsd.org Fri Sep 4 00:06:31 2015 Return-Path: Delivered-To: ctm-users@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EBF899CA271 for ; Fri, 4 Sep 2015 00:06:31 +0000 (UTC) (envelope-from jhs@berklix.com) Received: from slim.berklix.org (slim.berklix.org [94.185.90.68]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7EE4E111A for ; Fri, 4 Sep 2015 00:06:30 +0000 (UTC) (envelope-from jhs@berklix.com) Received: from mart.js.berklix.net (pD9FE90A5.dip0.t-ipconnect.de [217.254.144.165]) (authenticated bits=128) by slim.berklix.org (8.14.5/8.14.5) with ESMTP id t8408lP2058110; Fri, 4 Sep 2015 02:08:48 +0200 (CEST) (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (fire.js.berklix.net [192.168.91.41]) by mart.js.berklix.net (8.14.3/8.14.3) with ESMTP id t8406Pk2006456; Fri, 4 Sep 2015 02:06:25 +0200 (CEST) (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (localhost [127.0.0.1]) by fire.js.berklix.net (8.14.7/8.14.7) with ESMTP id t8405sdx080815; Fri, 4 Sep 2015 02:06:06 +0200 (CEST) (envelope-from jhs@berklix.com) Message-Id: <201509040006.t8405sdx080815@fire.js.berklix.net> To: "Montgomery-Smith, Stephen" cc: "ctm-users@freebsd.org" , Peter Wemm Subject: Re: Future of CTM From: "Julian H. Stacey" Organization: http://berklix.com BSD Unix Linux Consultants, Munich Germany User-agent: EXMH on FreeBSD http://berklix.com/free/ X-URL: http://www.berklix.com In-reply-to: Your message "Thu, 03 Sep 2015 14:40:38 -0000." <55E85BE5.6010607@missouri.edu> Date: Fri, 04 Sep 2015 02:05:54 +0200 X-BeenThere: ctm-users@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: CTM User discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Sep 2015 00:06:32 -0000 > >> ftp://ctm.berklix.org/pub/FreeBSD/CTM/ > > I have done > > ln -s ../CTM /pub/FreeBSD/development/CTM > > Could you please amend your sync path, then I'll > > cd /pub/FreeBSD/development; rm CTM ; mv ../CTM CTM > > It is done. Thanks. Done too & updated http://ctm.berklix.org I don't see a delta builders toolkit archive in there ? Would it be possible to include one please ? - In case something happens to your or your server some day, - Cos it'll help to be able to try experimenting with improvements eg in line signing as suggested by Peter. If a toolkit is somewhere under /pub/FreeBSD/development/CTM perhaps adjacent to eg /pub/FreeBSD/development/CTM/svn-cur/patch-for* then you'll need no new permissions/ directories, & it would also mirror to other ftp mirrors. Cheers, Julian -- Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com Reply after previous text, like a play - Not before, which looses context. Indent previous text with "> " Insert new lines before 80 chars. Send plain text, Not quoted-printable, Not HTML, Not ms.doc, Not base64. Subsidise contraception V. Global warming, pollution, famine, migration. From owner-ctm-users@freebsd.org Fri Sep 4 02:05:04 2015 Return-Path: Delivered-To: ctm-users@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 471859C99EE for ; Fri, 4 Sep 2015 02:05:04 +0000 (UTC) (envelope-from stephen@missouri.edu) Received: from um-nip4-missouri-out.um.umsystem.edu (um-nip4-missouri-out.um.umsystem.edu [198.209.49.177]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "um-tip1.um.umsystem.edu", Issuer "InCommon RSA Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id F1F34AA3 for ; Fri, 4 Sep 2015 02:05:03 +0000 (UTC) (envelope-from stephen@missouri.edu) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A2ANCwCi++hV/9KeoM9dgyFUaQa9RwGBdoYDAoE4PQ8BAQEBAQEBgQqEJAEBBHgBEAIBCBgJFg8JAwIBAgEgJQIEDQEHAQGIKsZSAYQ/AQEBBwEBAQEBARyLboULB4QsBZVRAYUGiTqEMpEHg2wmhABxiEeBBQEBAQ X-IPAS-Result: A2ANCwCi++hV/9KeoM9dgyFUaQa9RwGBdoYDAoE4PQ8BAQEBAQEBgQqEJAEBBHgBEAIBCBgJFg8JAwIBAgEgJQIEDQEHAQGIKsZSAYQ/AQEBBwEBAQEBARyLboULB4QsBZVRAYUGiTqEMpEHg2wmhABxiEeBBQEBAQ Received: from um-ncas5.um.umsystem.edu ([207.160.158.210]) by um-nip4-exch-relay.um.umsystem.edu with ESMTP; 03 Sep 2015 21:05:01 -0500 Received: from UM-MBX-N02.um.umsystem.edu ([169.254.5.65]) by UM-NCAS5.um.umsystem.edu ([207.160.158.210]) with mapi id 14.03.0248.002; Thu, 3 Sep 2015 21:05:01 -0500 From: "Montgomery-Smith, Stephen" To: "Julian H. Stacey" CC: "ctm-users@freebsd.org" , Peter Wemm Subject: Re: Future of CTM Thread-Topic: Future of CTM Thread-Index: AQHQ5qV3Ny+5s+hUPUmtzgnh5dB/Y54r8rqA Date: Fri, 4 Sep 2015 02:05:00 +0000 Message-ID: <55E8FC4B.9050101@missouri.edu> References: <201509040006.t8405sdx080815@fire.js.berklix.net> In-Reply-To: <201509040006.t8405sdx080815@fire.js.berklix.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 x-originating-ip: [207.160.158.194] Content-Type: text/plain; charset="Windows-1252" Content-ID: <3CF0B06355F48C41A331DD16D6D2ACB3@missouri.edu> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-BeenThere: ctm-users@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: CTM User discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Sep 2015 02:05:04 -0000 On 09/03/2015 07:05 PM, Julian H. Stacey wrote: >>>> ftp://ctm.berklix.org/pub/FreeBSD/CTM/ >>> I have done >>> ln -s ../CTM /pub/FreeBSD/development/CTM >>> Could you please amend your sync path, then I'll >>> cd /pub/FreeBSD/development; rm CTM ; mv ../CTM CTM >> >> It is done. >=20 > Thanks. Done too & updated http://ctm.berklix.org >=20 > I don't see a delta builders toolkit archive in there ? ftp://ctm.berklix.org/pub/FreeBSD/ctm-scripts/ From owner-ctm-users@freebsd.org Fri Sep 4 20:23:35 2015 Return-Path: Delivered-To: ctm-users@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C4BFE9CBA6F for ; Fri, 4 Sep 2015 20:23:35 +0000 (UTC) (envelope-from jhs@berklix.com) Received: from slim.berklix.org (slim.berklix.org [94.185.90.68]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 57A6E11EE for ; Fri, 4 Sep 2015 20:23:34 +0000 (UTC) (envelope-from jhs@berklix.com) Received: from mart.js.berklix.net (p5B227049.dip0.t-ipconnect.de [91.34.112.73]) (authenticated bits=128) by slim.berklix.org (8.14.5/8.14.5) with ESMTP id t84KPn87075527; Fri, 4 Sep 2015 22:25:50 +0200 (CEST) (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (fire.js.berklix.net [192.168.91.41]) by mart.js.berklix.net (8.14.3/8.14.3) with ESMTP id t84KNO3L012661; Fri, 4 Sep 2015 22:23:24 +0200 (CEST) (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (localhost [127.0.0.1]) by fire.js.berklix.net (8.14.7/8.14.7) with ESMTP id t84KMrNj038453; Fri, 4 Sep 2015 22:23:06 +0200 (CEST) (envelope-from jhs@berklix.com) Message-Id: <201509042023.t84KMrNj038453@fire.js.berklix.net> To: "Montgomery-Smith, Stephen" cc: "ctm-users@freebsd.org" , Peter Wemm Subject: Re: Future of CTM From: "Julian H. Stacey" Organization: http://berklix.com BSD Unix Linux Consultants, Munich Germany User-agent: EXMH on FreeBSD http://berklix.com/free/ X-URL: http://www.berklix.com In-reply-to: Your message "Fri, 04 Sep 2015 02:05:00 -0000." <55E8FC4B.9050101@missouri.edu> Date: Fri, 04 Sep 2015 22:22:53 +0200 X-BeenThere: ctm-users@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: CTM User discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Sep 2015 20:23:35 -0000 > > I don't see a delta builders toolkit archive in there ? > ftp://ctm.berklix.org/pub/FreeBSD/ctm-scripts/ OK, moved to: ftp://ctm.berklix.org/pub/FreeBSD/development/CTM/scripts/ (& a temporary copy to ftp://ctm.berklix.org/pub/FreeBSD/development/backup/CTM/scripts/ in case rsync might zap it. + updated http://ctm.berklix.org Cheers, Julian -- Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com Reply after previous text, like a play - Not before, which looses context. Indent previous text with "> " Insert new lines before 80 chars. Send plain text, Not quoted-printable, Not HTML, Not ms.doc, Not base64. Subsidise contraception V. Global warming, pollution, famine, migration. From owner-ctm-users@freebsd.org Sat Sep 5 18:57:16 2015 Return-Path: Delivered-To: ctm-users@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9C8179CB2C2 for ; Sat, 5 Sep 2015 18:57:16 +0000 (UTC) (envelope-from jvarner@gmail.com) Received: from mail-yk0-x22f.google.com (mail-yk0-x22f.google.com [IPv6:2607:f8b0:4002:c07::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 571DB1C36 for ; Sat, 5 Sep 2015 18:57:16 +0000 (UTC) (envelope-from jvarner@gmail.com) Received: by ykei199 with SMTP id i199so49011122yke.0 for ; Sat, 05 Sep 2015 11:57:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:from:to:cc:subject:mime-version:content-type:content-id :content-transfer-encoding:date; bh=USBPbovhT9CPq/bIov2B0z4XFwCxouZ2AGe/DgvF4Lc=; b=eSIONAilxYhEI7Xk2uY0aP3Q4bt3HCrPSOzFtKle7WinxEys7tSqLpL457+Vg9CJ3k TAtk7eQ7/eL8ke1YSO5l+rrbzyks3vRwBLSG/Nv/GnN3+mita4QPHsQECYppL68AK6vg J1N7wR+ZGAPktrtnfqi486wQzICojz38MM8NddDOeOhQe84+YD5DmubcIn/meFfFKXgx P8klggTaNoVKgL/CdRoK1StwG+c1tcnc8EZHLYs229CacQfvUBh1n672+7/5m6GXrwPn 97rfu04+QNv+qz5/W5IPmZ8INebSKKoEx4AGTVMvol2/kM8ujD3BSK+TAS0YoD4GPAwH LdoA== X-Received: by 10.129.46.140 with SMTP id u134mr11557853ywu.91.1441479435323; Sat, 05 Sep 2015 11:57:15 -0700 (PDT) Received: from limbo.local (71-47-8-51.res.bhn.net. [71.47.8.51]) by smtp.gmail.com with ESMTPSA id q130sm6189493ywb.36.2015.09.05.11.57.14 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 05 Sep 2015 11:57:14 -0700 (PDT) Received: from limbo (limbo.local [127.0.0.1]) by limbo.local (8.15.2/8.15.2) with ESMTP id t85HuM9L011518; Sat, 5 Sep 2015 17:56:22 GMT (envelope-from moriarty@eden.local) X-Authentication-Warning: limbo: Host limbo.local [127.0.0.1] claimed to be limbo Received: (from uucp@localhost) by limbo (8.15.2/8.15.2/Submit) with UUCP id t85HuLxs011517; Sat, 5 Sep 2015 17:56:21 GMT (envelope-from moriarty@eden.local) Received: from eden.local (eden [127.0.0.1]) by eden.local (8.15.2/8.15.2) with ESMTP id t85IdmkU047060; Sat, 5 Sep 2015 14:39:48 -0400 (EDT) (envelope-from moriarty@eden.local) Received: (from moriarty@localhost) by eden.local (8.15.2/8.15.2/Submit) id t85IdmIJ047044; Sat, 5 Sep 2015 14:39:48 -0400 (EDT) (envelope-from moriarty) Message-Id: <201509051839.t85IdmIJ047044@eden.local> From: jvarner@gmail.com To: ctm-users@freebsd.org cc: Peter Wemm Subject: Re: Future of CTM MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <47042.1441478388.1@eden> Content-Transfer-Encoding: quoted-printable Date: Sat, 05 Sep 2015 14:39:48 -0400 X-BeenThere: ctm-users@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: CTM User discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Sep 2015 18:57:16 -0000 (apologies for not replying to previous emails; just subscribed to the list...) Peter Wemm wrote: > I have been trying to find an example of somebody who is actually > verifying signatures before piping the messages to ctm_rmail. I am such an example. The following recipe is the one I use (I use nmh, so for most people the pipe to rcvstore should be replaced with a simple mailbox or maildir delivery): :0 * ^X-BeenThere: ctm-ports-cur@freebsd.org { :0 c: ${MAILDIR}/ctm-ports.${LOCKEXT} | rcvstore +ctm-ports -nounseen :0 c | gpg --no-default-keyring --keyring ${PMDIR}/ctm.key --verify :0 a | ctm_rmail -p ${HOME}/ctms/ports/pieces -d ${HOME}/ctms/ports/del= tas -l ${PMDIR}/ctm.log } Where ctm.key was produced by importing and exporting the ascii armored key from the mailman info page. I did check to confirm that modifying a signed CTM message will prevent ctm_rmail from running (gpg exits with an status of 2, which prevents the 'a' recipe from running). I did not check to confirm that a mis-signed message would not verify, but my presumption is that the combination of --no-default-keyring and --keyring should prevent that verification from working since the only key in the specified keyring is the CTM signing key. From owner-ctm-users@freebsd.org Sat Sep 5 19:44:43 2015 Return-Path: Delivered-To: ctm-users@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 73F9D9CA71B for ; Sat, 5 Sep 2015 19:44:43 +0000 (UTC) (envelope-from stephen@missouri.edu) Received: from um-tip1-missouri-out.um.umsystem.edu (um-tip1-missouri-out.um.umsystem.edu [198.209.49.135]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "um-tip1.um.umsystem.edu", Issuer "InCommon RSA Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1866F1448 for ; Sat, 5 Sep 2015 19:44:42 +0000 (UTC) (envelope-from stephen@missouri.edu) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A2BrCwCjROtV/9KeoM9eFoMNVG+9bAGBdAaFfQKBJT0PAQEBAQEBAYEKhCQBAQR4ARACAQghFg8JAwIBAgEgJQIEDQEHAQGIKg3EPQGEQQEKAQEBHotuhCkQAgEFGDMHhCwFlVUBhQmiZyaEAIk2gQUBAQE X-IPAS-Result: A2BrCwCjROtV/9KeoM9eFoMNVG+9bAGBdAaFfQKBJT0PAQEBAQEBAYEKhCQBAQR4ARACAQghFg8JAwIBAgEgJQIEDQEHAQGIKg3EPQGEQQEKAQEBHotuhCkQAgEFGDMHhCwFlVUBhQmiZyaEAIk2gQUBAQE Received: from um-ncas5.um.umsystem.edu ([207.160.158.210]) by um-tip1-exch-relay.um.umsystem.edu with ESMTP; 05 Sep 2015 14:43:31 -0500 Received: from UM-MBX-N02.um.umsystem.edu ([169.254.5.65]) by UM-NCAS5.um.umsystem.edu ([207.160.158.210]) with mapi id 14.03.0248.002; Sat, 5 Sep 2015 14:43:31 -0500 From: "Montgomery-Smith, Stephen" To: "Julian H. Stacey" CC: "ctm-users@freebsd.org" , Peter Wemm Subject: Re: Future of CTM Thread-Topic: Future of CTM Thread-Index: AQHQ5096Ny+5s+hUPUmtzgnh5dB/Y54uq22A Date: Sat, 5 Sep 2015 19:43:30 +0000 Message-ID: <55EB45D7.3090801@missouri.edu> References: <201509042023.t84KMrNj038453@fire.js.berklix.net> In-Reply-To: <201509042023.t84KMrNj038453@fire.js.berklix.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 x-originating-ip: [207.160.158.194] Content-Type: text/plain; charset="Windows-1252" Content-ID: <6F38AC7C2EBD8B4B80007B43F78B7400@missouri.edu> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-BeenThere: ctm-users@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: CTM User discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Sep 2015 19:44:43 -0000 So if the FreeBSD project decides to stop hosting CTM, we will probably still be in good shape, except for those who want to receive CTM by email rather than ftp. What we have: * A computer generating CTM deltas. (That's me.) * Internet hosts for deltas: ftp://ctm.berklix.org/pub/FreeBSD/development/CTM http://web.missouri.edu/~stephen/CTM/ (doesn't include xEmpty files) What is needed: * A stand alone port for ctm. I can probably do this fairly quickly. * A Mail server. What would be desirable: * Better security in CTM. I could do pieces of this, but I would prefer someone else to pick up the slack. However, if we become separate from the FreeBSD project, then this is our concern, and if we are willing to live with lax security, so be it. * A web page explaining CTM. (But I doubt CTM will attract newcomers.)=