From owner-freebsd-stable@FreeBSD.ORG Sun Nov 18 13:38:15 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 57CBD7AB for ; Sun, 18 Nov 2012 13:38:15 +0000 (UTC) (envelope-from utisoft@gmail.com) Received: from mail-bk0-f54.google.com (mail-bk0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id D028D8FC17 for ; Sun, 18 Nov 2012 13:38:14 +0000 (UTC) Received: by mail-bk0-f54.google.com with SMTP id je9so849002bkc.13 for ; Sun, 18 Nov 2012 05:38:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=3Cao/RFi/Uo+YrJvwMyMXoNNrdsr5XIF/hv2CxNXShY=; b=r5f+5gdh6xUUBpPe5qTq+OsQmzxGVQloBegbPE8AVr6kfrxKP/OzDBK91fBlTM/2Bz 3asnBDulUDGGlpLU4gWwSNRgLAnWf2V5uprgkYxm/WCxG8Ckkl5M2moSp+Zvqt5NeTUp LCIFAhA8DhWspf2tLH/kHcGuBAvLggLw6sWGD2aCOccEs3iGEUR3RjTBXin//s1kF+Sm rxUQ+ffY+GStBq24aW2MgtAbz4kRSrtxlUqjcDbK2g264yzckjFPL4tZf5eLlxh/bRpH PQhQA7T+pILGEChE/+Widaa2vj4M7AjQFpm6pWff93ricG65OWeFTzic9pPlhp682//R +/dg== MIME-Version: 1.0 Received: by 10.204.147.212 with SMTP id m20mr3839113bkv.103.1353245893253; Sun, 18 Nov 2012 05:38:13 -0800 (PST) Received: by 10.204.50.197 with HTTP; Sun, 18 Nov 2012 05:38:13 -0800 (PST) Received: by 10.204.50.197 with HTTP; Sun, 18 Nov 2012 05:38:13 -0800 (PST) In-Reply-To: <50A8AF1D.7080008@netfence.it> References: <50A7DEE7.8090802@netfence.it> <50A8AF1D.7080008@netfence.it> Date: Sun, 18 Nov 2012 13:38:13 +0000 Message-ID: Subject: Re: confirm that csup is still usable fos the new 9.1 From: Chris Rees To: Andrea Venturoli Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: FreeBSD X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 13:38:15 -0000 On 18 Nov 2012 09:49, "Andrea Venturoli" wrote: > > On 11/17/12 21:04, Kevin Oberman wrote: > >>> Looks like everything is back up again. >>> Thanks for the good work. >> >> >> Yes, but don't bet that csup and cvs will be around long. > > > I'm aware of this and I'm (adimttedly slowly) moving away from csup. > > > > >> The outage >> was the result of an intrusion into core FreeBSD systems. Please read >> the posting at http://www.freebsd.org/news/2012-compromise.html. > > > Read that. > > > > >> It's >> really time to get away from CVS and I suspect it will be going away >> sooner than had been planned. I notice that no response has confirmed >> whether it will be available for 9.1, probably because the security >> team is still evaluating the situation. > > > Simply out of curiosity, I wonder why csup/cvsup/cvs are less secure than alternatives, say SVN. > Why would this compromise be impossible without cvs? > Any link on this? Not impossible, but because of the way cvs mirrors are propagated any tampering is also synced. Subversion propagation only pulls commits, which is why it's faster and also tampering in the history is not propagated. Chris