Date: Fri, 11 Apr 2014 14:20:18 -0700
From: Anton Afanasyev <aasoft@gmail.com>
To: Matthew Rezny <matthew@reztek.cz>
Cc: freebsd-hackers@freebsd.org
Subject: Re: MITM attacks against portsnap and freebsd-update
Message-ID: <CAEAhP2iV_ze2ogrw9KJqLEwEzKP%2BpNh9km9kA-jrLwXk7G7rHQ@mail.gmail.com>
In-Reply-To: <2012148.SzKMgBGQYg@desktop.reztek>
References: <CAHAXwYCGkP-o0VvMXj5S8-KNA45aTvy%2BsrjDL_=8-x9Dza5z5Q@mail.gmail.com> <2012148.SzKMgBGQYg@desktop.reztek>
On Fri, Apr 11, 2014 at 11:04 AM, Matthew Rezny <matthew@reztek.cz> wrote:

> The biggest effort would be adding rsync to base, but being that we have
> svn(lite) in base it should not be a big deal to add rsync.

I may be too naive and/or just not understand things as well as those who do move code into base, so excuse my ignorance, but why was svnlite moved into base, and why even consider moving rsync into base?

Sure, it is nice if the base includes everything needed to allow development of it; it is also a must to be able to update and build your ports. But why include tools that do this, rather than a bootstrap for installing those tools?

For developing and updating base, why not include a script that fetches a (sufficiently fresh) snapshot of the ports tree and let the user decide whether they want to use svn or any other port to update their sources? If it is deemed too large a download (a valid concern) - download only svn and its dependencies, possibly even to a ports tree rooted in a location different from /usr/ports, and build svn from that.

For keeping ports up to date, why not include a script that fetches a (sufficiently fresh) copy of the ports tree and tell the user that the preferred method to update is rsync; heck, create a port that uses rsync to do what Matthew described above, and /offer/ to install it for the user from the tree that was just downloaded.

Something along the lines of the above would completely remove the need to keep unrelated code in base - and the need to keep it updated - while still allowing the end user to keep base and ports up to date.

Anton