Date:      Sat, 30 Aug 2014 11:25:14 +0100
From:      Arthur Chance <freebsd@qeng-ho.org>
To:        "William A. Mahaffey III" <wam@hiwaay.net>, "FreeBSD Questions !!!!" <freebsd-questions@freebsd.org>
Subject:   Re: Ports question ....
Message-ID:  <5401A68A.8010600@qeng-ho.org>
In-Reply-To: <20140829211147.GA11696@slackbox.erewhon.home>
References:  <53FF8675.2070009@hiwaay.net> <20140828225153.GA8923@slackbox.erewhon.home> <54006B57.8070703@hiwaay.net> <20140829211147.GA11696@slackbox.erewhon.home>

On 29/08/2014 22:11, Roland Smith wrote:
> On Fri, Aug 29, 2014 at 07:00:23AM -0500, William A. Mahaffey III wrote:
>>
>> On 08/28/14 17:51, Roland Smith wrote:
>>> On Thu, Aug 28, 2014 at 02:43:49PM -0500, William A. Mahaffey III wrote:
>>>>
>>>> .... How do I check to see if the ports collection has been updated ? I
>>>> had some problems a week or so ago getting some stuff to compile. There
>>>> were some later posts alluding to some ports being a bit stale .... If
>>>> that was my problem, I'd like to update & try again ....
>>> The http://www.freshports.org/ site gives a nice overview of recent port
>>> changes. It also lists the SVN revision. If you use subversion to keep your
>>> ports tree up to date you can check the state of your ports tree with:
>>>
>>>       > svnlite log -r HEAD /usr/ports/
>>>       ------------------------------------------------------------------------
>>>       r366459 | danilo | 2014-08-29 00:34:41 +0200 (Fri, 29 Aug 2014) | 2 lines
>>>
>>>       - Update from 1.40.01 to 1.40.02
>>>
>>>       ------------------------------------------------------------------------
>>>
>>> In this case my ports tree is at r366459.
>>>
>>> Generally I like to update my ports tree weekly. That *generally* makes for
>>> relatively small updates using svnlite (in the base system in FreeBSD 10) and
>>> ports-mgmt/portmaster:
>>>
>>>       # svnlite update /usr/ports
>>>       # less /usr/ports/UPDATING
>>>       # portmaster -ai
>>>
>>> Reading UPDATING is important! Sometimes updates need special actions.
>>
>> This sounds like it is very close to what I am looking for. I typed in
>> the above command & the shell said command not found .... What pkg('s)
>> do I need for svnlite support ? TIA ....
>
> Svnlite is in the base system in FreeBSD 10. You can use the devel/subversion
> port instead. The executable is called “svn”.
>
> Currently you can also use portsnap (which is also in the base system in
> FreeBSD 10) to update the ports tree. But it is vulnerable to
> man-in-the-middle attacks.[1] Unless someone steps up to fix this, one of the
> possible scenarios is to retire portsnap once svnlite is in all supported
> releases.
>
> [1]: http://lists.freebsd.org/pipermail/freebsd-questions/2014-April/257394.html

I have no idea how the core and security teams are going to deal with 
the MITM vulnerability of portsnap, although I hope it's by fixing 
portsnap rather than dropping it, but for my own uses I consider the 
attack to be a theoretical one rather than a practical one.

This is not to say it couldn't be used against anybody - all system 
admins should make their own decisions based on their own circumstances 
- but in my case either an attacker would have to compromise a large, 
highly reputable UK ISP or one of the larger Internet exchanges on the 
planet, or they'd have to subject Amazon to a sufficiently large
DDoS attack to knock out its EU AWS centre while compromising both of
two routes to the secondary servers, and this would have to be done
during the hour-long window each week in which I update ports.

This would be an extraordinary amount of work to attack a site that has 
very little value to criminals and no interest to state actors, and it 
would probably require the resources of a state actor to do so, but for 
them it would be cheaper to simply bug my home network while I'm out, or 
just serve me with a search warrant.

Given this, the speed and convenience of portsnap wins hands down. To 
stand an old joke on its head, yes, as a system admin I'm paranoid, but 
not clinically so.
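
The quoted advice above is to read /usr/ports/UPDATING between updating the tree and running portmaster -ai. As an added example (not part of the original thread), this shell function lists only the entries dated on or after your last update. The function names, the sample entries and the cut-off date are constructed, and the parser assumes the `YYYYMMDD:` / `AFFECTS:` entry layout of UPDATING.

```shell
#!/bin/sh
# Added example: list UPDATING entries dated on or after a given day.
# Assumed entry layout: a line holding only "YYYYMMDD:" starts an entry and is
# followed by indented "AFFECTS:" / "AUTHOR:" lines, then free text.

# updating_since YYYYMMDD [FILE] -> prints "DATE<TAB>AFFECTS text", one per entry.
# Only the first line of a wrapped AFFECTS field is printed.
updating_since() {
    since=$1
    file=${2:-/usr/ports/UPDATING}
    case $since in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "usage: updating_since YYYYMMDD [FILE]" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    awk -v since="$since" '
        /^[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]:[ \t]*$/ {
            # Equal-length digit strings compare correctly as dates.
            date = substr($0, 1, 8); want = (date >= since); next
        }
        want && /^[ \t]+AFFECTS:/ {
            sub(/^[ \t]+AFFECTS:[ \t]*/, "")
            printf "%s\t%s\n", date, $0
        }
    ' "$file"
}

# Constructed sample input (not real UPDATING entries).
sample_updating() {
    cat <<'EOF'
20140829:
  AFFECTS: users of example/alpha
  AUTHOR: someone@example.org

  Constructed entry: rebuild dependent ports after updating.

20140815:
  AFFECTS: users of example/beta
  AUTHOR: someone@example.org

  Constructed entry, older than the cut-off.
EOF
}

# Demo on the sample; on a real system run: updating_since 20140823
tmp=$(mktemp) && sample_updating > "$tmp" && updating_since 20140823 "$tmp"
rm -f "$tmp"
```

Pass the date of your previous tree update as the cut-off, then read the full text of each listed entry in UPDATING before starting portmaster.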



