From: Tom Evans
Cc: "freebsd-hackers@freebsd.org"
Date: Sat, 12 Apr 2014 17:06:39 +0100
Subject: Re: MITM attacks against portsnap and freebsd-update
In-Reply-To: <534932A8.6040801@gmx.com>
List-Id: Technical Discussions relating to FreeBSD

On Sat, Apr 12, 2014 at 1:33 PM, wrote:
> Subversion, due to its scheme of keeping an uncompressed copy of each file
> in .svn trees, wastes ~410MiB of disk space (for ports; additionally,
> ~820MiB for src) for users who only want to build ports from source, not
> develop; whereas Portsnap wastes only ~140MiB.
>
> Subversion is more of a resource strain on both clients and servers.

Different people want different things. I would prefer to see a tool
in base, e.g. freebsd-update, taught how to use both methods.

This would allow the user to choose whether they want versioned files -
in which case freebsd-update would use svnlite from base, and the user
accepts that it will be slow and use a little more space - or if they
want just the up-to-date files with no metadata, in which case
"portsnap" mode can be used.

I put "portsnap" in quotes there, because it seems like there are some
issues to solve there. In a non-license-constrained world, the problem
of "how do I replicate these files from here to there" is universally
solved by rsync.

Would a freebsd-update tool that required the rsync port/package to be
installed in order to operate in "portsnap" mode be that bad,
especially with svnlite (or even use fetch to grab a snapshot) to fall
back on?

Cheers

Tom