From owner-freebsd-security@FreeBSD.ORG Sun Apr 13 21:47:51 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 19BA11F4; Sun, 13 Apr 2014 21:47:51 +0000 (UTC) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id C886D18EB; Sun, 13 Apr 2014 21:47:50 +0000 (UTC) Received: from nine.des.no (smtp.des.no [194.63.250.102]) by smtp-int.des.no (Postfix) with ESMTP id 92E546592; Sun, 13 Apr 2014 21:47:49 +0000 (UTC) Received: by nine.des.no (Postfix, from userid 1001) id 707FABBA; Sun, 13 Apr 2014 23:47:49 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: David.I.Noel@gmail.com Subject: Re: Retiring portsnap [was MITM attacks against portsnap and freebsd-update] References: <53472B7F.5090001@FreeBSD.org> <53483074.1050100@delphij.net> <44bnw5uwmm.fsf@lowell-desk.lan> Date: Sun, 13 Apr 2014 23:47:49 +0200 In-Reply-To: (David Noel's message of "Sun, 13 Apr 2014 16:07:09 -0500") Message-ID: <86zjjosxyy.fsf@nine.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: Lowell Gilbert , freebsd-security@freebsd.org, security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Apr 2014 21:47:51 -0000 David Noel writes: > The server-side code of the FreeBSD portsnap system -- a closed source > fork of the open source portsnap project -- happens to use secured > access for pulling data from svn. So by your definition, every single Apache server on the planet runs "a closed source fork of the open source Apache project" because they do not use the exact same httpd.conf? Do you understand the concept of a configuration file? DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no