From owner-freebsd-hackers@FreeBSD.ORG  Sat Apr 12 12:33:57 2014
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4DC7B95E
 for <freebsd-hackers@freebsd.org>; Sat, 12 Apr 2014 12:33:57 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18])
 (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id DD72212A0
 for <freebsd-hackers@freebsd.org>; Sat, 12 Apr 2014 12:33:56 +0000 (UTC)
Received: from [157.181.96.215] ([157.181.96.215]) by mail.gmx.com (mrgmx003)
 with ESMTPSA (Nemesis) id 0MVdfD-1WTl0V3pBX-00YzQy for
 <freebsd-hackers@freebsd.org>; Sat, 12 Apr 2014 14:33:49 +0200
Message-ID: <534932A8.6040801@gmx.com>
Date: Sat, 12 Apr 2014 14:33:44 +0200
From: dt71@gmx.com
User-Agent: Mozilla/5.0 (X11; FreeBSD i386;
 rv:28.0) Gecko/20100101 Firefox/28.0 SeaMonkey/2.25
MIME-Version: 1.0
To: freebsd-hackers@freebsd.org
Subject: Re: MITM attacks against portsnap and freebsd-update
References: <CAHAXwYCGkP-o0VvMXj5S8-KNA45aTvy+srjDL_=8-x9Dza5z5Q@mail.gmail.com>
In-Reply-To: <CAHAXwYCGkP-o0VvMXj5S8-KNA45aTvy+srjDL_=8-x9Dza5z5Q@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:gjLGOz68E7D4cMKKclwv9rsPHy3FVDxQrRFViD5KinuT7DJmW+l
 V7EW7vtBMC9DJB0wyr6N8s4RSkQZD8dfeOPge2baiEr02zkAo9KhXRmesBtRn8ayT5zchhF
 kvRqFohO5fzLtOFOmnE2lXvp8ssBjwROIh/YhPUbhw/gNjpGPV3C42hLZHNL6ga+rF0X+Vd
 XDfA2iCTA7o3vvJ6BGE4A==
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Apr 2014 12:33:57 -0000

David Noel wrote, On 04/10/2014 19:03:
> The reason I see for it to be retired is that subversion allows us to
> easily and securely check out the ports tree. It's a one-line command:
> `svn co https://...`. Keeping it up-to-date it is another one-liner:
> `cd /usr/ports; svn update`. With the inclusion of svnlite in base,
> the portsnap code and servers acting as mirrors become redundant and
> seem like a waste of resources.

One-liners are also sufficient for Portsnap.

Subversion, due to its scheme of keeping an uncompressed copy of each file in .svn trees, wastes ~410MiB of disk space (for ports; additionally, ~820MiB for src) for users who only want to build ports from source, not develop; whereas Portsnap wastes only ~140MiB.

Subversion is more of a resource strain on both clients and servers.