[nycbug-talk] Request for Review, Summary of FreeBSD src fetching problems

Glen Barber gjb at FreeBSD.org
Sun Jan 27 19:02:41 EST 2013


On Sun, Jan 27, 2013 at 06:25:29PM -0500, Isaac (.ike) Levy wrote:
> > And therein, in my opinion, is what is making this such a big deal.  The
> > exporter has run for far too long.  It is buggy at best.  It often
> > crashes when files are replaced.  
> 
> Thanks for this peek behind the curtain, this makes sense-
> 

This really is not behind the curtain.  Simon would occasionally post to
-stable, -current (and I think -hackers) when the exporter was down.
This has not happened for some time.

> > Most importantly, and this is the part
> > that bothers me so much about this ongoing topic, it is not secure.
> 
> This is game-changing for my attitude.  Neglected systems are
> dangerous systems.
> 

To be clear, I mean specifically the fetch method.  I do not know how
CVS works underneath, but svn does checksumming of the "pristine" copy.
Additionally, svn supports fetching over https.  I do not know if CVS
does.

> Is there any clear path that you know of to end-of-life the src
> cvsup?
> 

I am not sure I understand what you mean.  Do you mean the timeframe
within which it will happen, or migration strategies, etc?

To the best of my knowledge, the cvs exporter will run for the duration
of the stable/9 branch (but not the releng/9.1 or release/9.1.0 or
later).  I may be wrong about this, but I seem to recall it was
mentioned in one of Ken's -RC announcements.

> Anywhere you can think of where we can be watching, for changes
> upstream?
> 

-stable, -current are probably the two to keep an eye on.  There is
a new -ops-announce list, but I think that is intended for maintenance
and service interruption announcements.

Glen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20130127/8d744ded/attachment.bin>


More information about the talk mailing list