From: Nate Nielsen
Date: Thu, 3 Nov 2005 15:39:58 +0000 (GMT)
To: Colin Percival
Cc: freebsd-security@freebsd.org, Nielsen
Subject: Re: Is the server portion of freebsd-update open source?

Colin Percival wrote:
> The FreeBSD Update build code is... umm... somewhere in between. I think
> the best way to explain it is to say that I don't care about copyright on
> the build code, but the code is a stinking pile of hacks upon hacks with
> multiple known bugs -- so I don't particularly want to expose it to public
> scrutiny and I doubt that it will be very useful either.
>
> Rewriting the build code is approaching the top of my todo list, but isn't
> there quite yet; in the meantime, if you can send me more details about what
> you want to do I'll see if I can accommodate you.

Thanks. Sorry for not getting back to you right away.

The guys I'm developing this project for have bought into open source and are hesitant about using technology which isn't totally transparent and open to peer review.

But in any case (after discussion), it seems like freebsd-update is in fact the closest thing to what we need. We have many little embedded boxes in the field, and they need to pull down updates. The updates are obviously non-standard:

 - Built with NOSHARED=no (all dynamic linking, no static).
 - Updates of various ports, like isc-dhcpd, quagga, vpn stuff etc.
 - Updates of our own customized binaries.
 - Custom kernel.
 - Greatly reduced fileset.

Getting access to the build code would keep us from having to implement our own system (which would probably end up being based on bsdiff/bspatch anyway).

Of course this is not a demand, but a request. BTW, thanks for all you do toward security on FreeBSD.

Cheers,
Nate Nielsen