From: grarpamp
To: freebsd-ports@freebsd.org
Subject: Re: Status of packages
Date: Wed, 27 Mar 2013 19:52:34 -0400
References: <20130326082325.GW2198@droso.net>
List-Id: Porting software to FreeBSD

> No.
> The security concerns are that some "attacker" could infect binaries
> and add dangerous code if he manages to break out of a jail

Then the FreeBSD jail facilities are flawed/insufficient and need fixed.

> or place
> malicious code in some packages that are used as dependencies.

Either the source is coming from the official committed repo and built in a proper environment, and the repo is properly insulated from all access but remote commits, or it's not. If you have that environment this is not a concern. Excepting any rogue commits you have going into the repo.

> Due to
> the nature of redports many jobs by a lot of people are built in parallel and
> ports depend on each other so you cannot trust the machine anymore and
> the only way to proceed would be by wiping the box and restarting from
> scratch. Since the packages are not shared across multiple machines nor
> made available to users the risk is that the machine has to be wiped but it
> could never infect any user.
> In addition to that redports does a lot to make sure that user modified
> packages are not reused and environments are cleaned after each build
> but nobody says it's impossible.

Afaik, redports is an external developer (porter/user) buildservice. It's not the same as the official pointyhat service.

What I'm getting at is that somewhere there should be an official port/package build running in what amounts to a continuous loop (whether triggered and dependency queued by commits, or simply once every N timeframes). And that having that dataset available can be useful to both porters and users until a convenient tag is laid down and it's pushed out to supported distribution. Today, unsupported interim packages aren't available, even though the same (possibly temporarily broken at times) ports code for them is... only if a user is willing and able to build them.

From a production standpoint, so long as you know your master repo is intact (hashed repo, etc), loss of any periphery box or system should not take six months to recover from. Simply nuke it, reinstall/provision, check out the tools and start pushing packages out again. That production recovery process should be separate from designing and deploying new commit, build and distribution systems.

Anyways, many of these things are coming together now I'm sure, so no worries :)