From owner-freebsd-ports Sat Jul 15 8: 5: 9 2000 Delivered-To: freebsd-ports@freebsd.org Received: from bmah-freebsd-0.cisco.com (bmah-freebsd-0.cisco.com [171.70.84.42]) by hub.freebsd.org (Postfix) with ESMTP id 181E237B62B; Sat, 15 Jul 2000 08:04:58 -0700 (PDT) (envelope-from bmah@cisco.com) Received: (from bmah@localhost) by bmah-freebsd-0.cisco.com (8.11.0.Beta3/8.11.0.Beta3) id e6FF4se08289; Sat, 15 Jul 2000 08:04:54 -0700 (PDT) (envelope-from bmah) Message-Id: <200007151504.e6FF4se08289@bmah-freebsd-0.cisco.com> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Ben Smithurst Cc: Warner Losh , Stijn Hoop , "Bruce A. Mah" , ports@FreeBSD.ORG Subject: Re: Version question/request In-Reply-To: <20000715134504.E84045@strontium.scientia.demon.co.uk> References: <20000715115404.D92785@pcwin002.win.tue.nl> <200007150511.XAA01511@billy-club.village.org> <200007150550.e6F5o0P02257@bmah-freebsd-0.cisco.com> <20000715115404.D92785@pcwin002.win.tue.nl> <200007151007.EAA46560@harmony.village.org> <20000715134504.E84045@strontium.scientia.demon.co.uk> Comments: In-reply-to Ben Smithurst message dated "Sat, 15 Jul 2000 13:45:04 +0100." From: bmah@cisco.com (Bruce A. Mah) Reply-To: bmah@cisco.com X-Face: g~c`.{#4q0"(V*b#g[i~rXgm*w;:nMfz%_RZLma)UgGN&=j`5vXoU^@n5v4:OO)c["!w)nD/!!~e4Sj7LiT'6*wZ83454H""lb{CC%T37O!!'S$S&D}sem7I[A 2V%N&+ X-Image-Url: http://www.employees.org/~bmah/Images/bmah-cisco-small.gif X-Url: http://www.employees.org/~bmah/ Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_-1867284186P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Sat, 15 Jul 2000 08:04:54 -0700 Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --==_Exmh_-1867284186P Content-Type: text/plain; charset=us-ascii If memory serves me right, Ben Smithurst wrote: > Warner Losh wrote: > > > You wouldn't have to CVSUP anything. there's be a database maintained > > by the security officer that would contain known bad version ranges. > > The script would contact a central database server, or one of the > > mirrors, grab the whole database (since it will be relatively small), > > How do you suggest that will work for those of us without permanent > Internet connections? Not all the world has cheap/free net access, you > know. I share this concern. We need to support people who can only pull information to their machines infrequently, not whenever a script on the system decides it needs to fetch something. > I suggest making it optional -- either use a local database, which > you can cvsup, or use the central database for those with a permanent > network connection. Maybe there can be a local cached copy, and then the script can run around (right before doing the checks) and see if there are newer versions on the net, in the ports tree, manually updated from a file, etc. Clearly the cache has to be revalidated with respect to its (pick your favorite cryptographic checksum) signing. Bruce. --==_Exmh_-1867284186P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use MessageID: h/PD66mZ3yOUyXUvYmt4qJvrc6HrU2I2 iQA/AwUBOXB9ltjKMXFboFLDEQIEfgCg5bc4DRO6GhoRhIkPkoOD07sh+iYAoJZz rfIomeBQ98vQc8BmtVvFXrXx =RoKr -----END PGP SIGNATURE----- --==_Exmh_-1867284186P-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message