From owner-freebsd-ports@FreeBSD.ORG  Tue Sep  6 05:23:42 2011
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C580A1065670
	for <ports@freebsd.org>; Tue,  6 Sep 2011 05:23:42 +0000 (UTC)
	(envelope-from yar.tikhiy@gmail.com)
Received: from mail-yw0-f54.google.com (mail-yw0-f54.google.com
	[209.85.213.54])
	by mx1.freebsd.org (Postfix) with ESMTP id 7FE278FC14
	for <ports@freebsd.org>; Tue,  6 Sep 2011 05:23:42 +0000 (UTC)
Received: by ywa17 with SMTP id 17so211415ywa.13
	for <ports@freebsd.org>; Mon, 05 Sep 2011 22:23:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=message-id:date:from:user-agent:mime-version:to:cc:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	bh=OEjd7tGTCVUC+sCQm1J/HqGV8Y/tnmJNJDDlCug4/WU=;
	b=mIqjbD/nJZsfveq+IKh7zZ9D8Sy15b9WNpiLH0wKJxAdVE3rfpOT71DufX1duuXitz
	Pi0hNaTqFbbw5NFZlXvbwnF3LG6L/Ja9dW1y9dfb1m69yx3b89zGHZM4c85f4JlLa2jw
	Ju+VJAuYBftcMat8BJK+x2D0uwn0XPJQkOpHg=
Received: by 10.236.77.233 with SMTP id d69mr21132056yhe.84.1315284798266;
	Mon, 05 Sep 2011 21:53:18 -0700 (PDT)
Received: from buka.local (ppp121-44-169-130.lns20.syd7.internode.on.net
	[121.44.169.130])
	by mx.google.com with ESMTPS id p73sm7700720yhe.19.2011.09.05.21.53.14
	(version=SSLv3 cipher=OTHER); Mon, 05 Sep 2011 21:53:17 -0700 (PDT)
Message-ID: <4E65A738.7080903@gmail.com>
Date: Tue, 06 Sep 2011 14:53:12 +1000
From: Yar Tikhiy <yar.tikhiy@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5;
	rv:6.0.1) Gecko/20110830 Thunderbird/6.0.1
MIME-Version: 1.0
To: Kostik Belousov <kostikbel@gmail.com>
References: <CADLo838g=r3C4pHVteObPYrA6VxB7+4banaEXeVrPwGD7MDAtg@mail.gmail.com>
	<CADLo83_A+Oh+i4ZFQ=KnZyvBk0h2pf+bJnjhYHm=5UyacjE3cA@mail.gmail.com>
	<4E6503C2.5080002@aldan.algebra.com>
	<CADLo838bxRPmJS-qzRF9wzGseKr6CoxoXEWb0rmcYDfhK_ZLQg@mail.gmail.com>
	<20110905180214.GS17489@deviant.kiev.zoral.com.ua>
In-Reply-To: <20110905180214.GS17489@deviant.kiev.zoral.com.ua>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: ports@freebsd.org, "Mikhail T." <mi+thun@aldan.algebra.com>,
	Chris Rees <utisoft@gmail.com>
Subject: Re: sysutils/cfs
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Sep 2011 05:23:42 -0000

Hi,

On 9/6/11 4:02 AM, Kostik Belousov wrote:
> On Mon, Sep 05, 2011 at 06:32:00PM +0100, Chris Rees wrote:
>> On 5 Sep 2011 18:15, "Mikhail T."<mi+thun@aldan.algebra.com>  wrote:
>>>
>>> On -10.01.-28163 14:59, Chris Rees wrote:
>>>>>
>>>>> I've had to deprecate sysutils/cfs -- there's a confirmed issue with
>>>>> failing locks [1] which has been open for two years with no fix.
>>>>>
>>>>
>>>> Whoops, also missed a CVE -- buffer overflows can cause a DoS.
>>>> Expiration date altered to 1 month accordingly.
>>>
>>>
>>> Is this the only vulnerability you are talking about?
>>>>
>>>> http://www.debian.org/security/2006/dsa-1138
>>>
>>> Does not seem hard to fix at all... Listing all of the fatal problems
>> would be helpful...
>>>>
>>>> -mi
>>
>> If it's not that hard to fix then do it. If you're not going to fix it, why
>> are you even commenting?
>>
>> More noise. Stop whining and do something about it.
>
> No, it is not a noise.
 >
> First, note that an issue in the local deamon can be only utilized by
> local users. As a consequence, there is a huge set of machines for which
> the cited issue is simply irrelevant.
>
> For the analogous issues that are irrelevant for 90% of the port users,
> look at the vulnerabilities listed for the quake ports.

By the way, the Debian folks invested certain effort in keeping cfs up 
to date.  Their git repo is still available at 
http://smarden.org/git/cfs.git/ .  In particular, the DoS fix can be 
easily obtained from the repo and placed under files/ in the port.

> Second, I personally consider the crusade to remove old but compiling
> and working (*) ports as a damage both to the project functionality and
> to the project reputation.
>
> * Working exactly because users report bugs in the software, otherwise
> they would not be able to describe corner cases that break.

This is true: cfs is still in use out there.  E.g., I know a company 
still relying on cfs.  They don't seem to care about ports/137378.  I'd 
be glad to suggest they move on to something newer and better supported 
but I'm aware of no other open-source file encryption framework that is 
a) transparent at filesystem level and at the same time b) can support 
multiple security domains without requiring as many mount points.  As 
soon as there is an alternative available, the cfs port can be safely 
retired, but trashing it prematurely would be unwise.

Cheers,
Yar