Re: [OT] CVSUP (was "Re: Was: Re: Why This Infinite Loop??")
On Aug 22, 2006, at 12:19 AM, Erik Trulsson wrote: On Tue, Aug 22, 2006 at 06:38:46AM +0100, Matthew Seaman wrote: Lowell Gilbert wrote: Garrett Cooper <[EMAIL PROTECTED]> writes: Gerard Seibert wrote: IMHO, it might be a lot easier for him to use portsnap. Especially if he is not familiar with the FBSD ports system. Just my opinion though. CVSUP isn't that difficult IMHO to learn, and is a better, more efficient way to download the ports Makefiles. In what way? For typical applications, lower bandwidth usage is supposedly an advantage of portsnap. It will take him all of 10-20 minutes to configure if he reads the documentation and uses the example file. I would think so. And it can be used with arbitrary cvs trees, including the FreeBSD source tree. On the other hand, it doesn't come in the FreeBSD base system, and it doesn't sign the updates. But csup(1) is in the base system for values of base system equal to 6.1-STABLE or better. csup(1) is cvsup(1) reimplemented in plain C and apart from the graphical display stuff is a drop in replacement for cvsup(1). Not quite a drop in replacement. csup(1) does not (yet) support CVS mode which is used to maintain a local copy of the repository. I did a bit of searching and it appears that my thoughts on how CVSUP is implemented are slightly skewed. From the portsnap developer's page: -CVSup is insecure. The protocol uses no encryption or signing, and any attacker who can intercept the connection can insert arbitrary data into the tree you are updating. -CVSup isn't end-to-end. Related to the previous point, this means that anyone who can compromise a CVSup mirror can feed arbitrary data to the people who are using that mirror. -CVSup isn't designed for frequent small updates. While CVSup is very good at distributing CVS trees, and is very efficient for updating a tree which has been significantly changed (eg, by a month or more of commits), it transmits a list of all the files in the tree, which makes it quite inefficient if only a few files have changed. -CVSup uses a custom protocol. This can cause problems for people behind firewalls -- outgoing connections on port 5999 need to be permitted -- and it needs a heavyweight server (cvsupd). The first and fourth points are the ones I noted as the flaw in my original argument of the overall operation of CVSUP vs portsnap. I thought that CVSUP actually used the CVS protocol to transfer data, which can encrypt data using SSH tunneling but it actually doesn't and is very insecure =\. Noting that portsnap fetches all files via fetch with ssl support enabled as well by quickly reading through the portsnap script, it is much more secure than CVSUP is. The only thing to note is that you still need to use CVSUP to update your base package sources, as there isn't a compressed, fetching equivalent like portsnap available for the sources. Although this would have been more efficient for beno because it sounds like his ports tree hasn't been updated in ages, portsnap would be better to use in the future for updating his ports tree. -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [OT] CVSUP (was "Re: Was: Re: Why This Infinite Loop??")
On Tue, Aug 22, 2006 at 06:38:46AM +0100, Matthew Seaman wrote: > Lowell Gilbert wrote: > > Garrett Cooper <[EMAIL PROTECTED]> writes: > > > >> Gerard Seibert wrote: > > > >>> IMHO, it might be a lot easier for him to use portsnap. Especially > >>> if he is not familiar with the FBSD ports system. Just my opinion > >>> though. > > > >>CVSUP isn't that difficult IMHO to learn, and is a better, more > >> efficient way to download the ports Makefiles. > > > > In what way? For typical applications, lower bandwidth usage is > > supposedly an advantage of portsnap. > > > >>It will take him all of > >> 10-20 minutes to configure if he reads the documentation and uses the > >> example file. > > > > I would think so. And it can be used with arbitrary cvs trees, > > including the FreeBSD source tree. On the other hand, it doesn't > > come in the FreeBSD base system, and it doesn't sign the updates. > > But csup(1) is in the base system for values of base system equal to > 6.1-STABLE or better. csup(1) is cvsup(1) reimplemented in plain C > and apart from the graphical display stuff is a drop in replacement > for cvsup(1). Not quite a drop in replacement. csup(1) does not (yet) support CVS mode which is used to maintain a local copy of the repository. -- Erik Trulsson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [OT] CVSUP (was "Re: Was: Re: Why This Infinite Loop??")
Lowell Gilbert wrote: > Garrett Cooper <[EMAIL PROTECTED]> writes: > >> Gerard Seibert wrote: > >>> IMHO, it might be a lot easier for him to use portsnap. Especially >>> if he is not familiar with the FBSD ports system. Just my opinion >>> though. > >>CVSUP isn't that difficult IMHO to learn, and is a better, more >> efficient way to download the ports Makefiles. > > In what way? For typical applications, lower bandwidth usage is > supposedly an advantage of portsnap. > >>It will take him all of >> 10-20 minutes to configure if he reads the documentation and uses the >> example file. > > I would think so. And it can be used with arbitrary cvs trees, > including the FreeBSD source tree. On the other hand, it doesn't > come in the FreeBSD base system, and it doesn't sign the updates. But csup(1) is in the base system for values of base system equal to 6.1-STABLE or better. csup(1) is cvsup(1) reimplemented in plain C and apart from the graphical display stuff is a drop in replacement for cvsup(1). Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: [OT] CVSUP (was "Re: Was: Re: Why This Infinite Loop??")
Garrett Cooper <[EMAIL PROTECTED]> writes: > Gerard Seibert wrote: >> IMHO, it might be a lot easier for him to use portsnap. Especially >> if he is not familiar with the FBSD ports system. Just my opinion >> though. >CVSUP isn't that difficult IMHO to learn, and is a better, more > efficient way to download the ports Makefiles. In what way? For typical applications, lower bandwidth usage is supposedly an advantage of portsnap. >It will take him all of > 10-20 minutes to configure if he reads the documentation and uses the > example file. I would think so. And it can be used with arbitrary cvs trees, including the FreeBSD source tree. On the other hand, it doesn't come in the FreeBSD base system, and it doesn't sign the updates. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [OT] CVSUP (was "Re: Was: Re: Why This Infinite Loop??")
On Monday 21 August 2006 15:02, Garrett Cooper wrote: > CVSUP isn't that difficult IMHO to learn, and is a better, more > efficient way to download the ports Makefiles. It will take him all of > 10-20 minutes to configure if he reads the documentation and uses the > example file. I am always willing to learn something new. How is it more efficient at downloading the port's Makefiles? I agree that the first time you run 'portsnap' it might take twenty minutes to fetch and extract the files. However, after that it only requires a fetch and update to complete the job. It appears, to me anyway, to run at least as quick as cvsup plus I do not have to rebuild the index. If he runs cvsup I believe he has to rebuild the index, or am I mistaken? In any case, he has to use one method or the other or he will never get his system updated. -- Gerard Seibert [EMAIL PROTECTED] Every man takes the limits of his own field of vision for the limits of the world. Schopenhauer pgplxJNQYesZ5.pgp Description: PGP signature