please test: Secure ports tree updating
From: Colin Percival (colin.percival_at_wadham.ox.ac.uk)
Date: Tue, 26 Oct 2004 20:58:54 +0100 To: email@example.com
CVSup is slow, insecure, and a memory hog. However, until now
it's been the only option for keeping an up-to-date ports tree,
and (thanks to all of the recent work on vuxml and portaudit)
it has become quite obvious that keeping an up-to-date ports
tree is very important.
To provide a secure, lightweight, and fast alternative to CVSup,
I've written portsnap. As the name suggests, this is a system
for building, *signing*, and distributing compressed snapshots
of the ports tree, which can then be extracted into /usr/ports
* Lightweight. It's a 15kB shell script which uses under 50kB
of other binaries.
* Designed for frequent updating. Unlike CVSup, it doesn't
need to transmit a complete list of files in the ports tree each
time it runs; in fact, if there are no updates available, it only
needs to fetch a single file of 256 bytes.
* Secure. Using code from FreeBSD Update, the ports snapshots
are signed using a 2048-bit RSA key.
* HTTP-only. That's right, you don't need to beg your network
maintainer to allow outgoing connections on port 5999 any more. :-)
Right now I'm only building snapshots once per day, but after
this has had some testing I'll increase that to once every 1-2
hours. Similarly, portsnap isn't in the ports tree yet, but it
will appear there once I'm satisfied with the testing that it
So please go and test! Portsnap can be downloaded from
PS. I'm not sure how many testers this message is going to elicit,
nor how much bandwidth portsnap.daemonology.net can comfortably
handle. I may come back tomorrow and ask for some mirrors. :-)
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "email@example.com"