Do you still need CTM?
Andre Albsmeier
Andre.Albsmeier at siemens.com
Thu Aug 20 04:47:52 UTC 2015
On Wed, 19-Aug-2015 at 23:33:15 +0000, Montgomery-Smith, Stephen wrote:
> On 08/18/2015 09:10 PM, Montgomery-Smith, Stephen wrote:
> > I just received an email from one of the FreeBSD people telling me
> > that they are worried about the security threat posed by CTM.
> > They would like to disconnect it from the base FreeBSD system.
> >
> > Personally I have become extremely happy with using subversion, and
> > if CTM were to disappear, I could live without it very easily.
> >
> > But maybe some of you feel differently. One thing we could do is
> > 1. Create a CTM port; 2. Put the deltas on a server other than
> > official FreeBSD servers; 3. Host our own mailing lists.
> >
> > Honestly, I think the best thing to do is to close CTM. But if
> > anyone else really wants CTM, and is willing to do (2) and (3), I
> > can easily do (1).
>
> 1. One thing I can do is to keep the CTM deltas being generated, and
> keep the following web page open: http://web.missouri.edu/~stephen/CTM/
> The only thing I cannot store are the svn-cur xEmpty files, because I
I personally could live with that perfectly.
> haven't been given enough space. I cannot maintain any kind of
> mailing list. Also, since this web space belongs to the University of
> Missouri, they might take it down some day.
So one would have to check this web page to get the latest deltas?
Well, that's fine as well.
>
> 2. I am sympathetic to the security concerns. Having seen the recent
> security advisories, it seems to me that no-one can predict how some
> odd bit of code on the side will one day become a problem. And I
> think to do a full audit of the ctm code would be a lot of work.
>
> If we disconnect CTM from the FreeBSD project, and run it privately
> from the side, then it doesn't decrease our security problems. But it
> does decrease FreeBSD's potential security problems. And if the CTM
> code gets hit by some weird virus (e.g. a forged email sending a delta
> that lays your computers open to the world), the FreeBSD project won't
> then get embarrassed.
OK. Again fine for me.
>
> 3. I'm not so sympathetic to the issue of how much space the svn
> repository takes. Disk space is so cheap these days. But presumably
Right. But there are machines where you can't simply plug in a 2 TB
SATA drive -- no matter if it costs 10 or 100 Euros. And if you have
got several of these, you really start to love CTM ;-)
-Andre
> people who are concerned over that issue don't need the svn-cur CTM
> deltas, and only want ports-cur or src-*. Then what I offer in point
> (1) should be satisfactory.
>
> Stephen
> _______________________________________________
> ctm-users at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/ctm-users
> To unsubscribe, send any mail to "ctm-users-unsubscribe at freebsd.org"
--
Jeder Projektmanager, der glaubt, Projekte zu managen, der
glaubt auch, dass Zitronenfalter Zitronen falten.
More information about the ctm-users
mailing list