Date: Tue, 26 Oct 2004 16:11:35 -0400
From: Jason DiCioccio <jd@ods.org>
To: Colin Percival <colin.percival@wadham.ox.ac.uk>, freebsd-ports@freebsd.org
Cc: freebsd-security@freebsd.org
Subject: Re: please test: Secure ports tree updating
Message-ID: <9BBE3B5561450CAF8EE94788@[10.102.0.67]>
In-Reply-To: <417EAC7E.2040103@wadham.ox.ac.uk>
References: <417EAC7E.2040103@wadham.ox.ac.uk>

Colin,

This sounds great. If you do end up needing a mirror, feel free to
email me. I have a couple of servers on different connections
(10/100mbit) that I might be able to donate to your cause. In the mean
time, I'm going to give it a shot..

Regards,
-JD-

--On Tuesday, October 26, 2004 20:58:54 +0100 Colin Percival <colin.percival@wadham.ox.ac.uk> wrote:

> CVSup is slow, insecure, and a memory hog. However, until now
> it's been the only option for keeping an up-to-date ports tree,
> and (thanks to all of the recent work on vuxml and portaudit)
> it has become quite obvious that keeping an up-to-date ports
> tree is very important.
>
> To provide a secure, lightweight, and fast alternative to CVSup,
> I've written portsnap. As the name suggests, this is a system
> for building, *signing*, and distributing compressed snapshots
> of the ports tree, which can then be extracted into /usr/ports
> as needed.
>
> Portsnap is:
> * Lightweight. It's a 15kB shell script which uses under 50kB
> of other binaries.
> * Designed for frequent updating. Unlike CVSup, it doesn't
> need to transmit a complete list of files in the ports tree each
> time it runs; in fact, if there are no updates available, it only
> needs to fetch a single file of 256 bytes.
> * Secure. Using code from FreeBSD Update, the ports snapshots
> are signed using a 2048-bit RSA key.
> * HTTP-only. That's right, you don't need to beg your network
> maintainer to allow outgoing connections on port 5999 any more. :-)
>
> Right now I'm only building snapshots once per day, but after
> this has had some testing I'll increase that to once every 1-2
> hours. Similarly, portsnap isn't in the ports tree yet, but it
> will appear there once I'm satisfied with the testing that it
> has received.
>
> So please go and test! Portsnap can be downloaded from
> http://www.daemonology.net/portsnap/
>
> Colin Percival
> PS. I'm not sure how many testers this message is going to elicit,
> nor how much bandwidth portsnap.daemonology.net can comfortably
> handle. I may come back tomorrow and ask for some mirrors. :-)
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"