Date: Thu, 28 Oct 2004 19:48:29 +0100
From: Colin Percival <colin.percival@wadham.ox.ac.uk>
To: Peter Jeremy <PeterJeremy@optushome.com.au>
Cc: freebsd-ports@freebsd.org
Subject: Re: please test: Secure ports tree updating
Message-ID: <41813EFD.9070105@wadham.ox.ac.uk>
In-Reply-To: <20041027194835.GD79646@cirb503493.alcatel.com.au>
References: <417EAC7E.2040103@wadham.ox.ac.uk> <20041027194835.GD79646@cirb503493.alcatel.com.au>

Peter Jeremy wrote:
> It sounds like you've re-invented CTM rather than a CVSup replacement.
> Would you care to provide a comparison of portsnap with CTM?  Based on
> your description, the differences are:
> - portsnap uses HTTP, CTM uses either FTP or mail.

Technically, portsnap can use a variety of means -- it uses fetch(1) to
download files, so it can use anything which fetch(1) understands.  But
yes, HTTP is the mechanism I expect most people to use.

> - portsnap is always signed, CTM is only signed via mail.

This probably doesn't matter to most people, but portsnap also uses a
much more lightweight mechanism (raw rsa vs. pgp).  For this reason
(less code usually means fewer bugs) I'm more inclined to trust the
security of portsnap signatures.

> - CTM is part of the base system

Portsnap could become part of the base system if people want it to. :-)

> - ports-cur CTM deltas are currently generated every 8 hours

This is irrelevant; both ctm and portsnap can build updates as often as
desired.

Other differences:
- Portsnap keeps a compressed snapshot which can be updated or extracted
  whenever desired; CTM keeps a series of deltas.  (This may mean that
  portsnap can update /usr/ports/ more quickly... I'm not sure, but in
  general it's much faster to extract a tarball than to apply text
  patches.)
- Portsnap fetches patches which go directly from the version held
  locally to the latest version, while CTM fetches all the intermediate
  versions.  (This gives portsnap a bandwidth advantage if you're not
  updating on a regular basis.)
- I haven't implemented this yet, but it is very easy to get the
  portsnap client to ignore certain directories (in the same manner as
  .cvsignore works), since it works by downloading lots of individual
  patches, while CTM always updates everything.
- I have a feeling that I'm missing something else important here, but
  I can't think what it is.

You're right that portsnap has more in common with CTM than it does
with CVSup.  Perhaps I should describe it as a CTM replacement instead;
but I think it is likely to be of value to a large number of people
currently using CVSup.

Colin Percival