Date:      Fri, 21 Aug 2015 02:46:42 +0000
From:      "Montgomery-Smith, Stephen" <stephen@missouri.edu>
To:        "ctm-users@freebsd.org" <ctm-users@freebsd.org>
Subject:   Re: Do you still need CTM?
Message-ID:  <55D69111.4050901@missouri.edu>
In-Reply-To: <201508201201.t7KC13pd060715@fire.js.berklix.net>
References:  <201508201201.t7KC13pd060715@fire.js.berklix.net>

On 08/20/2015 07:01 AM, Julian H. Stacey wrote:
> Hi, Reference:
>> To: "ctm-announce@FreeBSD.org" <ctm-announce@freebsd.org>
>> From:		"Montgomery-Smith, Stephen" <stephen@missouri.edu>
>> Date:		Wed, 19 Aug 2015 04:05:26 +0000
>>
>> I just received an email from one of the FreeBSD people telling me
>> that they are worried about the security threat posed by CTM.  They
>> would like to disconnect it from the base FreeBSD system.
>
> If someone wants to axe CTM, we should Not acquiesce without examining Why.
> Periodically people wish to rip stuff out of FreeBSD src/; the
> phenomenon repeatedly causes unnecessary aggravation.  Some previously
> haven't been mature enough to recognise one man's junk is another
> man's valued functionality, some past axers have had to back off.
>
> Reasons/excuses to rip stuff out of src/ sometimes include eg size
> (but usr.sbin/ctm is just 300K) & architectural complications with
> kernel & libs (but this is just a user prog). If an axer asserts
> there's a security issue, original author phk@ may be interested.
> <ctm-users@freebsd.org> may also be interested to fix it, but
> axe proponent has Not provided us detail.
>
> The axer proponent should present detail direct to us <ctm-users@freebsd.org>.
> In particular:
>   - Does the axer mean a threat to ctm_smail generator machines ?
>     If so: What threat ? Detail required by Stephen & I.  'Cos it's
>     Stephen's generator host, not an @freebsd.org cluster server,
>     & years back I gave Stephen facilities on my berklix.org FreeBSD server
>     as fallback, still available if needed.
>   - Does the axer mean a threat to @freebsd.org cluster servers ?
>     If so How ? What ? That's just a mirrored tree & mail servers for deltas.
>   - Does the axer mean a threat to ctm_rmail recipients that recompile & run ?
>     If so, we want detail, But axers deserve no say re. CTM usage
>     by recipient, that is a judgement call Exclusively for recipient
>     users alone to weigh any risk versus utility & efficiency of use.
>
>
>> Personally I have become extremely happy with using subversion, and if
>> CTM were to disappear, I could live without it very easily.
>
> Doesn't surprise me Stephen, as you are our kind maintainer, the man
> who bridges svn to ctm so you must know both, it is us who benefit from CTM,
> not you, thanks for your work :-)
>
> Actually I'm currently using both, eg
> CTM update of svn-cur, src-[0-9][0-9] & ports  but also
> svn co -q file:///usr/svn/base/head (& file:///usr/svn/ports/head)
> for testing current patches (can't remember detail, been away)
>
> I do Not want to see CTM disappear, & most certainly not for svn-cur !
> It's very useful Push technology - transfer is batched & queued for maximally
> convenient & cheap connectivity, using minimum time from fast local SMTP
> queues, no reliance on Pull technology from remote SVN servers.
>
> Others also pointed out SVN trees are Big.

I don't think it is necessary for people to come up with explicit
security risks before questioning the riskiness of CTM.  The whole point
of security risks is that we don't know they exist before someone finds
them.  Otherwise we would have plugged the risk.

It looks like very few people use CTM - I'm going to guess a grand total
of 10 or 20 people worldwide.

This has two consequences:

1.  Because so few people use it, there are not many eyes looking at the
code.  So the code doesn't get audited very much.

2.  Each piece of code in the base system has to balance its riskiness
against its usefulness.  If only a very few people use a particular
program, then the corresponding threshold of riskiness should be
similarly low.

I really do agree with the person from FreeBSD central who emailed me.
I think we should move CTM away from the FreeBSD base.  If someone else
disagrees with me, then they should take it over, and then argue their
case directly with the FreeBSD project.



There is another consequence of there being so few people who use it.
We have to weigh the costs of creating and maintaining CTM against the
benefits to a few people around the world, each of whom could presumably
find a different way to solve their particular problem if they had to.

Right now, maintaining CTM is relatively easy for me.  And to be honest,
it has brought me a lot of benefits in gaining experience of writing
additional code, or learning a bit about tcl and other scripting
languages.  As long as the work load stays relatively the same, I see no
major personal cost in maintaining it.  And I am happy to keep it going
to help those handful of people around the world who get benefit from it.

But if, for example, the University of Missouri took away the virtual
computer I use to generate CTMs, or they insist on a major redesign of
web pages they host for "branding" reasons, then I'll really have to
think seriously about giving it up.


