confirm that csup is still usable fos the new 9.1
Chris Rees
utisoft at gmail.com
Sun Nov 18 13:38:15 UTC 2012
On 18 Nov 2012 09:49, "Andrea Venturoli" <ml at netfence.it> wrote:
>
> On 11/17/12 21:04, Kevin Oberman wrote:
>
>>> Looks like everything is back up again.
>>> Thanks for the good work.
>>
>>
>> Yes, but don't bet that csup and cvs will be around long.
>
>
> I'm aware of this and I'm (adimttedly slowly) moving away from csup.
>
>
>
>
>> The outage
>> was the result of an intrusion into core FreeBSD systems. Please read
>> the posting at http://www.freebsd.org/news/2012-compromise.html.
>
>
> Read that.
>
>
>
>
>> It's
>> really time to get away from CVS and I suspect it will be going away
>> sooner than had been planned. I notice that no response has confirmed
>> whether it will be available for 9.1, probably because the security
>> team is still evaluating the situation.
>
>
> Simply out of curiosity, I wonder why csup/cvsup/cvs are less secure than
alternatives, say SVN.
> Why would this compromise be impossible without cvs?
> Any link on this?
Not impossible, but because of the way cvs mirrors are propagated any
tampering is also synced. Subversion propagation only pulls commits, which
is why it's faster and also tampering in the history is not propagated.
Chris
More information about the freebsd-stable
mailing list