From: Colin Percival
Date: Mon, 08 Aug 2005 12:53:25 -0700
To: Stijn Hoop
Cc: freebsd-arch@freebsd.org
Subject: Re: /usr/portsnap vs. /var/db/portsnap

Stijn Hoop wrote:
> On Sun, Aug 07, 2005 at 09:11:31AM -0700, Colin Percival wrote:
>>Two reasons come to mind: First, the portsnap chain of security starts
>>with running cvsup to cvsup-master through a tunnel to freefall... a
>>non-committer wouldn't be able to do that.
>
> OK, I'm still arguing in the hypothetical case, but why is it insecure
> then to redistribute a copy of a portsnap'd ports tree + local patches?

Hmm. I didn't think of that option. I guess it would be ok, as long as
the machine which was doing the repackaging was kept secure.

Colin Percival