From owner-ctm-users@freebsd.org Thu Aug 20 04:47:51 2015 Return-Path: Delivered-To: ctm-users@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D07849BECE8 for ; Thu, 20 Aug 2015 04:47:51 +0000 (UTC) (envelope-from Andre.Albsmeier@siemens.com) Received: from david.siemens.de (david.siemens.de [192.35.17.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "david.siemens.de", Issuer "savelogs.saacon.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 82EA1C26 for ; Thu, 20 Aug 2015 04:47:50 +0000 (UTC) (envelope-from Andre.Albsmeier@siemens.com) Received: from mail2.siemens.de (mail2.siemens.de [139.25.208.11]) by david.siemens.de (8.15.1/8.15.1) with ESMTPS id t7K4lmtf017644 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 20 Aug 2015 06:47:48 +0200 Received: from curry.mchp.siemens.de (curry.mchp.siemens.de [139.25.40.130]) by mail2.siemens.de (8.15.1/8.15.1) with ESMTP id t7K4lmwp005213; Thu, 20 Aug 2015 06:47:48 +0200 Received: (from user@localhost) by curry.mchp.siemens.de (8.14.9/8.14.9) id t7K4lmpm060749; Date: Thu, 20 Aug 2015 06:47:47 +0200 From: Andre Albsmeier To: "Montgomery-Smith, Stephen" Cc: "ctm-users@freebsd.org" Subject: Re: Do you still need CTM? Message-ID: <20150820044747.GB18686@bali> References: <55D3E582.2030908@missouri.edu> <55D5123A.50407@missouri.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <55D5123A.50407@missouri.edu> X-Echelon: X-Advice: Drop that crappy M$-Outlook, I'm tired of your viruses! User-Agent: Mutt/1.5.21 (2010-09-15) X-BeenThere: ctm-users@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: CTM User discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Aug 2015 04:47:52 -0000 On Wed, 19-Aug-2015 at 23:33:15 +0000, Montgomery-Smith, Stephen wrote: > On 08/18/2015 09:10 PM, Montgomery-Smith, Stephen wrote: > > I just received an email from one of the FreeBSD people telling me > > that they are worried about the security threat posed by CTM. > > They would like to disconnect it from the base FreeBSD system. > > > > Personally I have become extremely happy with using subversion, and > > if CTM were to disappear, I could live without it very easily. > > > > But maybe some of you feel differently. One thing we could do is > > 1. Create a CTM port; 2. Put the deltas on a server other than > > official FreeBSD servers; 3. Host our own mailing lists. > > > > Honestly, I think the best thing to do is to close CTM. But if > > anyone else really wants CTM, and is willing to do (2) and (3), I > > can easily do (1). > > 1. One thing I can do is to keep the CTM deltas being generated, and > keep the following web page open: http://web.missouri.edu/~stephen/CTM/ > The only thing I cannot store are the svn-cur xEmpty files, because I I personally could live with that perfectly. > haven't been given enough space. I cannot maintain any kind of > mailing list. Also, since this web space belongs to the University of > Missouri, they might take it down some day. So one would have to check this web page to get the latest deltas? Well, that's fine as well. > > 2. I am sympathetic to the security concerns. Having seen the recent > security advisories, it seems to me that no-one can predict how some > odd bit of code on the side will one day become a problem. And I > think to do a full audit of the ctm code would be a lot of work. > > If we disconnect CTM from the FreeBSD project, and run it privately > from the side, then it doesn't decrease our security problems. But it > does decrease FreeBSD's potential security problems. And if the CTM > code gets hit by some weird virus (e.g. a forged email sending a delta > that lays your computers open to the world), the FreeBSD project won't > then get embarrassed. OK. Again fine for me. > > 3. I'm not so sympathetic to the issue of how much space the svn > repository takes. Disk space is so cheap these days. But presumably Right. But there are machines where you can't simply plug in a 2 TB SATA drive -- no matter if it costs 10 or 100 Euros. And if you have got several of these, you really start to love CTM ;-) -Andre > people who are concerned over that issue don't need the svn-cur CTM > deltas, and only want ports-cur or src-*. Then what I offer in point > (1) should be satisfactory. > > Stephen > _______________________________________________ > ctm-users@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/ctm-users > To unsubscribe, send any mail to "ctm-users-unsubscribe@freebsd.org" -- Jeder Projektmanager, der glaubt, Projekte zu managen, der glaubt auch, dass Zitronenfalter Zitronen falten.