Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 18 Nov 2012 13:38:13 +0000
From:      Chris Rees <utisoft@gmail.com>
To:        Andrea Venturoli <ml@netfence.it>
Cc:        FreeBSD <freebsd-stable@freebsd.org>
Subject:   Re: confirm that csup is still usable fos the new 9.1
Message-ID:  <CADLo83-sZNiyFHhQ35iY3uXKOQFWNLZMmmOATZ9ky8yDTd1Xhw@mail.gmail.com>
In-Reply-To: <50A8AF1D.7080008@netfence.it>
References:  <CALFgp2PGLnqUeDkt=hn_B6yjE9VrsXogrB9pFC6A=ahTCZvRRA@mail.gmail.com> <CAF6rxg=udvqV_dAGeH-zGq_gWfKja=YpXwyMBtBHahFHBxAJnQ@mail.gmail.com> <50A7DEE7.8090802@netfence.it> <CAN6yY1tLe1XRM%2BMFiDj=XOx3dagx8OammSCYfvM%2BsP2Xjg431g@mail.gmail.com> <50A8AF1D.7080008@netfence.it>

next in thread | previous in thread | raw e-mail | index | archive | help
On 18 Nov 2012 09:49, "Andrea Venturoli" <ml@netfence.it> wrote:
>
> On 11/17/12 21:04, Kevin Oberman wrote:
>
>>> Looks like everything is back up again.
>>> Thanks for the good work.
>>
>>
>> Yes, but don't bet that csup and cvs will be around long.
>
>
> I'm aware of this and I'm (adimttedly slowly) moving away from csup.
>
>
>
>
>> The outage
>> was the result of an intrusion into core FreeBSD systems. Please read
>> the posting at http://www.freebsd.org/news/2012-compromise.html.
>
>
> Read that.
>
>
>
>
>> It's
>> really time to get away from CVS and I suspect it will be going away
>> sooner than had been planned. I notice that no response has confirmed
>> whether it will be available for 9.1, probably because the security
>> team is still evaluating the situation.
>
>
> Simply out of curiosity, I wonder why csup/cvsup/cvs are less secure than
alternatives, say SVN.
> Why would this compromise be impossible without cvs?
> Any link on this?

Not impossible, but because of the way cvs mirrors are propagated any
tampering is also synced.  Subversion propagation only pulls commits, which
is why it's faster and also tampering in the history is not propagated.

Chris



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADLo83-sZNiyFHhQ35iY3uXKOQFWNLZMmmOATZ9ky8yDTd1Xhw>