HEADS UP: Importing csup into base

4 views
Skip to first unread message

Maxime Henrion

unread,
Mar 1, 2006, 12:05:01 PM3/1/06
to ar...@freebsd.org, cur...@freebsd.org
Hey all,


I have released a new snapshot of csup a few minutes ago, called
csup-snap-20060301. You can grab it at http://mu.org/~mux/csup.html.
This last snapshot finally brings in support for the refuse files, as
well as the -i <pattern> and -A <localaddr> options. At this point,
csup is pretty much feature complete as far as checkout mode is
concerned. To sum things up, besides CVS mode, the only features
missing are :

- Authentication (rarely used, plus someone has a patch for this),
- Executes (shell commands sent by the server, even more rarely used),
- The -k and -d <limit> options and the "destDir" parameters that are
more debugging features than real features,
- An Xaw3d GUI (just kidding).

So I think it is now time to import csup in FreeBSD base system so that
our users finally have a way to update their sources with a bare
install, and am requesting comments/opinions/problem reports on the
matter as long as it doesn't degenerate into a bikeshed.

For those interested in CVS mode, I'll now start working on this soon,
but cannot guarantee that I'll ever have it finished. I've been
unemployed for a few months now which allowed me to get this far, but I
will soon need to get a new job for obvious reasons. If you would like
to see CVS mode happening and can spare some money, please consider
making a donation to my Paypal account (id m...@FreeBSD.org). I take
advantage of this mail to thank Garance Drosehn that has generously
donated me some money to help me on this task already.

Cheers,
Maxime
_______________________________________________
freebsd...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-curre...@freebsd.org"

Colin Percival

unread,
Mar 1, 2006, 12:19:30 PM3/1/06
to Maxime Henrion, ar...@freebsd.org, cur...@freebsd.org
Maxime Henrion wrote:
> So I think it is now time to import csup in FreeBSD base system so that
> our users finally have a way to update their sources with a bare
> install, and am requesting comments/opinions/problem reports on the
> matter as long as it doesn't degenerate into a bikeshed.

Yes please!

I'd love to see CVS mode and authentication support as well, but given
the number of people who don't apply security fixes (over 60% of FreeBSD
6.0 systems running portsnap are still running 6.0-RELEASE) I'd say that
anything which makes updating easier is great.

Colin Percival

Reid Linnemann

unread,
Mar 1, 2006, 12:41:57 PM3/1/06
to Maxime Henrion, freebsd...@freebsd.org
Maxime Henrion wrote:
> Hey all,
>
>
> I have released a new snapshot of csup a few minutes ago, called
> csup-snap-20060301. You can grab it at http://mu.org/~mux/csup.html.
> This last snapshot finally brings in support for the refuse files, as
> well as the -i <pattern> and -A <localaddr> options. At this point,
> csup is pretty much feature complete as far as checkout mode is
> concerned. To sum things up, besides CVS mode, the only features
> missing are :

> - An Xaw3d GUI (just kidding).

Naturally this is supplanted with an OpenLook GUI, right?

;)

--
Reid Linnemann
Senior Systems Analyst
Oklahoma Department of CareerTech
405-743-5422
rl...@okcareertech.org

-Ars longa, vita brevis-

Freddie Cash

unread,
Mar 1, 2006, 1:03:22 PM3/1/06
to freebsd...@freebsd.org
On Wednesday 01 March 2006 09:40 am, Reid Linnemann wrote:
> Maxime Henrion wrote:
> > Hey all,
> > I have released a new snapshot of csup a few minutes ago, called
> > csup-snap-20060301. You can grab it at http://mu.org/~mux/csup.html.
> > This last snapshot finally brings in support for the refuse files, as
> > well as the -i <pattern> and -A <localaddr> options. At this point,
> > csup is pretty much feature complete as far as checkout mode is
> > concerned. To sum things up, besides CVS mode, the only features
> > missing are :

> > - An Xaw3d GUI (just kidding).

> Naturally this is supplanted with an OpenLook GUI, right?

No, no, no. We need to bring this into the 21st century. A system
updater like this needs a flashy, 3D-accelerator,
composite-manager-using, fully transparent, animated GUI with more
buttons, features, and whiz-bang graphics than you can shake a dead dog
at.

After all, we can't let any Linux distro beat us to it. :)
--
Freddie Cash
fc...@ocis.net

Maxime Henrion

unread,
Mar 1, 2006, 1:21:59 PM3/1/06
to ar...@freebsd.org, cur...@freebsd.org
Maxime Henrion wrote:
[...]

> So I think it is now time to import csup in FreeBSD base system so that
> our users finally have a way to update their sources with a bare
> install, and am requesting comments/opinions/problem reports on the
> matter as long as it doesn't degenerate into a bikeshed.

Just so that people don't waste time reporting this: there is a
use-after-free bug in the last snapshot that is already fixed in CVS.
That will teach me to set malloc.conf to aj!

Wilko Bulte

unread,
Mar 1, 2006, 1:35:12 PM3/1/06
to Freddie Cash, freebsd...@freebsd.org
On Wed, Mar 01, 2006 at 10:02:10AM -0800, Freddie Cash wrote..

> On Wednesday 01 March 2006 09:40 am, Reid Linnemann wrote:
> > Maxime Henrion wrote:
> > > Hey all,
> > > I have released a new snapshot of csup a few minutes ago, called
> > > csup-snap-20060301. You can grab it at http://mu.org/~mux/csup.html.
> > > This last snapshot finally brings in support for the refuse files, as
> > > well as the -i <pattern> and -A <localaddr> options. At this point,
> > > csup is pretty much feature complete as far as checkout mode is
> > > concerned. To sum things up, besides CVS mode, the only features
> > > missing are :
>
> > > - An Xaw3d GUI (just kidding).
>
> > Naturally this is supplanted with an OpenLook GUI, right?
>
> No, no, no. We need to bring this into the 21st century. A system
> updater like this needs a flashy, 3D-accelerator,
> composite-manager-using, fully transparent, animated GUI with more
> buttons, features, and whiz-bang graphics than you can shake a dead dog
> at.

Aqua?

> After all, we can't let any Linux distro beat us to it. :)
> --
> Freddie Cash
> fc...@ocis.net
> _______________________________________________
> freebsd...@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-curre...@freebsd.org"

--- end of quoted text ---

--
Wilko Bulte wi...@FreeBSD.org

Scott Long

unread,
Mar 1, 2006, 2:33:24 PM3/1/06
to Maxime Henrion, ar...@freebsd.org, cur...@freebsd.org
Maxime Henrion wrote:
> Hey all,
>
>
> I have released a new snapshot of csup a few minutes ago,

[...]

>
> - Executes (shell commands sent by the server, even more rarely used),

Are you joking?

Scott

Scott Long

unread,
Mar 1, 2006, 2:39:40 PM3/1/06
to Freddie Cash, freebsd...@freebsd.org
Freddie Cash wrote:
> On Wednesday 01 March 2006 09:40 am, Reid Linnemann wrote:
>
>>Maxime Henrion wrote:
>>
>>> Hey all,
>>>I have released a new snapshot of csup a few minutes ago, called
>>>csup-snap-20060301. You can grab it at http://mu.org/~mux/csup.html.
>>>This last snapshot finally brings in support for the refuse files, as
>>>well as the -i <pattern> and -A <localaddr> options. At this point,
>>>csup is pretty much feature complete as far as checkout mode is
>>>concerned. To sum things up, besides CVS mode, the only features
>>>missing are :
>
>
>>> - An Xaw3d GUI (just kidding).
>
>
>>Naturally this is supplanted with an OpenLook GUI, right?
>
>
> No, no, no. We need to bring this into the 21st century. A system
> updater like this needs a flashy, 3D-accelerator,
> composite-manager-using, fully transparent, animated GUI with more
> buttons, features, and whiz-bang graphics than you can shake a dead dog
> at.
>
> After all, we can't let any Linux distro beat us to it. :)

Bah, I'm so cool and retro-chic that I demand that csup communicate to
me via morse code telegraph. You sissy loosers with your fancy text
consoles are the definition of bourgeois oppulence!

Ha

Scott

Poul-Henning Kamp

unread,
Mar 1, 2006, 2:45:08 PM3/1/06
to Scott Long, freebsd...@freebsd.org, Freddie Cash
In message <4405F791...@samsco.org>, Scott Long writes:

>Bah, I'm so cool and retro-chic that I demand that csup communicate to
>me via morse code telegraph. You sissy loosers with your fancy text
>consoles are the definition of bourgeois oppulence!

As long as I can feed the input via paper tape, I'm with you Scott.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
p...@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Wilko Bulte

unread,
Mar 1, 2006, 2:46:35 PM3/1/06
to Scott Long, freebsd...@freebsd.org, Freddie Cash
On Wed, Mar 01, 2006 at 12:35:45PM -0700, Scott Long wrote..

> Freddie Cash wrote:
> >On Wednesday 01 March 2006 09:40 am, Reid Linnemann wrote:
> >
> >>Maxime Henrion wrote:
> >>
> >>> Hey all,
> >>>I have released a new snapshot of csup a few minutes ago, called
> >>>csup-snap-20060301. You can grab it at http://mu.org/~mux/csup.html.
> >>>This last snapshot finally brings in support for the refuse files, as
> >>>well as the -i <pattern> and -A <localaddr> options. At this point,
> >>>csup is pretty much feature complete as far as checkout mode is
> >>>concerned. To sum things up, besides CVS mode, the only features
> >>>missing are :
> >
> >
> >>> - An Xaw3d GUI (just kidding).
> >
> >
> >>Naturally this is supplanted with an OpenLook GUI, right?
> >
> >
> >No, no, no. We need to bring this into the 21st century. A system
> >updater like this needs a flashy, 3D-accelerator,
> >composite-manager-using, fully transparent, animated GUI with more
> >buttons, features, and whiz-bang graphics than you can shake a dead dog
> >at.
> >
> >After all, we can't let any Linux distro beat us to it. :)
>
> Bah, I'm so cool and retro-chic that I demand that csup communicate to
> me via morse code telegraph. You sissy loosers with your fancy text
> consoles are the definition of bourgeois oppulence!

5 channel Baudot code, printed in ASCII rendering on the console, @ 45Baud?

--
Wilko Bulte wi...@FreeBSD.org

Wilko Bulte

unread,
Mar 1, 2006, 2:51:40 PM3/1/06
to Poul-Henning Kamp, freebsd...@freebsd.org, Freddie Cash
On Wed, Mar 01, 2006 at 07:40:32PM +0000, Poul-Henning Kamp wrote..

> In message <4405F791...@samsco.org>, Scott Long writes:
>
> >Bah, I'm so cool and retro-chic that I demand that csup communicate to
> >me via morse code telegraph. You sissy loosers with your fancy text
> >consoles are the definition of bourgeois oppulence!
>
> As long as I can feed the input via paper tape, I'm with you Scott.

Only if it has a mechanical reader (with sensing pins for the holes).
An optical reader won't do

--
Wilko Bulte wi...@FreeBSD.org

Scott Long

unread,
Mar 1, 2006, 2:55:10 PM3/1/06
to Wilko Bulte, Poul-Henning Kamp, freebsd...@freebsd.org, Freddie Cash
Wilko Bulte wrote:
> On Wed, Mar 01, 2006 at 07:40:32PM +0000, Poul-Henning Kamp wrote..
>
>>In message <4405F791...@samsco.org>, Scott Long writes:
>>
>>
>>>Bah, I'm so cool and retro-chic that I demand that csup communicate to
>>>me via morse code telegraph. You sissy loosers with your fancy text
>>>consoles are the definition of bourgeois oppulence!
>>
>>As long as I can feed the input via paper tape, I'm with you Scott.
>
>
> Only if it has a mechanical reader (with sensing pins for the holes).
> An optical reader won't do
>

I assume that your method would include the use of transistors. Go back
to your fancy GUI.

Scott

Larry Rosenman

unread,
Mar 1, 2006, 2:58:53 PM3/1/06
to Wilko Bulte, Poul-Henning Kamp, freebsd...@freebsd.org, Freddie Cash
Wilko Bulte wrote:
> On Wed, Mar 01, 2006 at 07:40:32PM +0000, Poul-Henning Kamp wrote..
>> In message <4405F791...@samsco.org>, Scott Long writes:
>>
>>> Bah, I'm so cool and retro-chic that I demand that csup communicate
>>> to me via morse code telegraph. You sissy loosers with your fancy
>>> text consoles are the definition of bourgeois oppulence!
>>
>> As long as I can feed the input via paper tape, I'm with you Scott.
>
> Only if it has a mechanical reader (with sensing pins for the holes).
> An optical reader won't do

Y'all are making me feel real old. I remember asr-33 teletypes as my
main access to my high schools computer for the first 2 years I was there.

LER


--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 512-248-2683 E-Mail: l...@lerctr.org
US Mail: 430 Valona Loop, Round Rock, TX 78681-3893

Garance A Drosehn

unread,
Mar 1, 2006, 3:18:50 PM3/1/06
to Maxime Henrion, ar...@freebsd.org, cur...@freebsd.org
At 6:03 PM +0100 3/1/06, Maxime Henrion wrote:
>
>So I think it is now time to import csup in FreeBSD base system
>so that our users finally have a way to update their sources
>with a bare install, and am requesting comments/opinions/problem
>reports on the matter as long as it doesn't degenerate into a
>bikeshed.

I wonder if we should handle this more like perl (or X11?), where
it remains a port, but a port which is always installed along
with the base-system install. My hope is that with the new
C-based implementation, 'csup' would be useful to other projects.
(any cvs-based open-source project, not just operating systems).

I would also be happy to see it as part of the freebsd base system,
so I only mention the above alternative because I'm wondering what
would be the best way to handle a project like this...

Whether or not it goes into the base system, I hope more people
can take the time to try it out, and make sure that it will be
well-tested.

>If you would like to see CVS mode happening and can spare some
>money, please consider making a donation to my Paypal account
>(id m...@FreeBSD.org). I take advantage of this mail to thank
>Garance Drosehn that has generously donated me some money to
>help me on this task already.

I've contributed enough to keep him in caffeine, but certainly
not enough to be mistaken for a full-time employer... :-)

I have been very happy to see all the recent progress. Even
though I do like to work with multiple computer languages (and
in fact there is a lot I like about Modula-3), I do think a tool
such as cvsup needs to be in a more universally-available and
widely-known language.

--
Garance Alistair Drosehn = g...@gilead.netel.rpi.edu
Senior Systems Programmer or g...@FreeBSD.org
Rensselaer Polytechnic Institute; Troy, NY; USA

Scott Long

unread,
Mar 1, 2006, 3:25:41 PM3/1/06
to Garance A Drosehn, ar...@freebsd.org, cur...@freebsd.org
Garance A Drosehn wrote:
> At 6:03 PM +0100 3/1/06, Maxime Henrion wrote:
>
>>
>> So I think it is now time to import csup in FreeBSD base system
>> so that our users finally have a way to update their sources
>> with a bare install, and am requesting comments/opinions/problem
>> reports on the matter as long as it doesn't degenerate into a
>> bikeshed.
>
>
> I wonder if we should handle this more like perl (or X11?), where
> it remains a port, but a port which is always installed along
> with the base-system install. My hope is that with the new
> C-based implementation, 'csup' would be useful to other projects.
> (any cvs-based open-source project, not just operating systems).
>

perl is the way it is to help ease the transition back 5+ years ago
with FreeBSD 4. I'd kinda like to declare that transition a completed
success. Adding more one-off special cases to sysinstall only makes
it harder to maintain, harder to build releases, etc.

> I would also be happy to see it as part of the freebsd base system,
> so I only mention the above alternative because I'm wondering what
> would be the best way to handle a project like this...

Make it part of the base system. It's no different than having cvs in
the base system. It also doesn't have any foreign dependencies, which
was the main reason that cvsup was never assimilated.

Scott

Lowell Gilbert

unread,
Mar 1, 2006, 3:35:46 PM3/1/06
to ar...@freebsd.org, cur...@freebsd.org
Scott Long <sco...@samsco.org> writes:

> Maxime Henrion wrote:
> > Hey all,
> > I have released a new snapshot of csup a few minutes ago,
>
> [...]
>
> > - Executes (shell commands sent by the server, even more rarely
> > used),
>
> Are you joking?

Are you asking whether he's joking about (1) the idea of ever
implementing it, (2) the fact that he hasn't done it yet, or
(3) the idea that it's rarely used? All of those sound
reasonable to me...

Kris Kennaway

unread,
Mar 1, 2006, 4:19:45 PM3/1/06
to Wesley Shields, ar...@freebsd.org, cur...@freebsd.org, Lowell Gilbert
On Wed, Mar 01, 2006 at 04:19:32PM -0500, Wesley Shields wrote:

> On Wed, Mar 01, 2006 at 03:33:41PM -0500, Lowell Gilbert wrote:
> > Scott Long <sco...@samsco.org> writes:
> >
> > > Maxime Henrion wrote:
> > > > Hey all,
> > > > I have released a new snapshot of csup a few minutes ago,
> > >
> > > [...]
> > >
> > > > - Executes (shell commands sent by the server, even more rarely
> > > > used),
> > >
> > > Are you joking?
> >
> > Are you asking whether he's joking about (1) the idea of ever
> > implementing it, (2) the fact that he hasn't done it yet, or
> > (3) the idea that it's rarely used? All of those sound
> > reasonable to me...
>
> I'm questioning (1) myself. This just seems like a bad idea from a
> security perspective. Of course, some kind of sanitization could
> mitigate the issue.

Let's not lose sight of the fact that whoever runs the cvsup server
already owns your machine, since they're giving you unauthenticated
source code [1].

Kris

[1] Please don't take this as an invitation to talk about how Someone
Should Fix This, since it's not on the table until Someone first
writes csupd :-)

Matthew D. Fuller

unread,
Mar 1, 2006, 4:32:40 PM3/1/06
to Wesley Shields, ar...@freebsd.org, cur...@freebsd.org, Lowell Gilbert
On Wed, Mar 01, 2006 at 04:19:32PM -0500 I heard the voice of
Wesley Shields, and lo! it spake thus:

>
> I'm questioning (1) myself. This just seems like a bad idea from a
> security perspective.

Well, it should be remember that CVSup is (at least conceptually) not
just "a tool for spreading CVS-held source around like fertilizer",
it's "a software package for distributing and updating collections of
files across a network" (per www.cvsup.org). If you're using it to
sync files between two hosts you control, there are many good reasons
why you'd want to run commands (rather like you would with rdist).


--
Matthew Fuller (MF4839) | full...@over-yonder.net
Systems/Network Administrator | http://www.over-yonder.net/~fullermd/
On the Internet, nobody can hear you scream.

Kövesdán Gábor

unread,
Mar 1, 2006, 5:50:45 PM3/1/06
to Maxime Henrion, ar...@freebsd.org, cur...@freebsd.org
Maxime Henrion wrote:

Thanks a lot, csup is very great: fast and lightweight. :) CVSup was a
huge pain to install. I hope you'll get enough donation to implement the
cvs mode, too. :)

Regards,

Gabor Kovesdan

Mark Linimon

unread,
Mar 1, 2006, 5:56:40 PM3/1/06
to Wilko Bulte, freebsd...@freebsd.org, Freddie Cash
On Wed, Mar 01, 2006 at 08:40:38PM +0100, Wilko Bulte wrote:
> 5 channel Baudot code, printed in ASCII rendering on the console, @ 45Baud?

I still have parts for one if anyone cares.

mcl

Wesley Shields

unread,
Mar 1, 2006, 5:57:25 PM3/1/06
to Lowell Gilbert, ar...@freebsd.org, cur...@freebsd.org
On Wed, Mar 01, 2006 at 03:33:41PM -0500, Lowell Gilbert wrote:
> Scott Long <sco...@samsco.org> writes:
>
> > Maxime Henrion wrote:
> > > Hey all,
> > > I have released a new snapshot of csup a few minutes ago,
> >
> > [...]
> >
> > > - Executes (shell commands sent by the server, even more rarely
> > > used),
> >
> > Are you joking?
>
> Are you asking whether he's joking about (1) the idea of ever
> implementing it, (2) the fact that he hasn't done it yet, or
> (3) the idea that it's rarely used? All of those sound
> reasonable to me...

I'm questioning (1) myself. This just seems like a bad idea from a


security perspective. Of course, some kind of sanitization could
mitigate the issue.

-- WXS

Andrew Reilly

unread,
Mar 1, 2006, 5:58:46 PM3/1/06
to Garance A Drosehn, Maxime Henrion, ar...@freebsd.org, cur...@freebsd.org
On Wed, Mar 01, 2006 at 03:18:07PM -0500, Garance A Drosehn wrote:
> Even
> though I do like to work with multiple computer languages (and
> in fact there is a lot I like about Modula-3), I do think a tool
> such as cvsup needs to be in a more universally-available and
> widely-known language.

I like Modula-3 too (at least conceptually: I haven't found an
excuse to code in it), but not "widely-known" is perhaps even an
understatement. I came across this site the other day:
http://www.tiobe.com/index.htm?tiobe_index
Which I thought pretty interesting. I noticed that Modula-3
doesn't even make it into the top-100 popular languages, which
puts it below Algol, Oberon, and Modula-2.

Cheers,

--
Andrew

Steve Kargl

unread,
Mar 1, 2006, 6:02:32 PM3/1/06
to Andrew Reilly, ar...@freebsd.org, cur...@freebsd.org, Garance A Drosehn
On Thu, Mar 02, 2006 at 09:41:20AM +1100, Andrew Reilly wrote:
> On Wed, Mar 01, 2006 at 03:18:07PM -0500, Garance A Drosehn wrote:
> > Even
> > though I do like to work with multiple computer languages (and
> > in fact there is a lot I like about Modula-3), I do think a tool
> > such as cvsup needs to be in a more universally-available and
> > widely-known language.
>
> I like Modula-3 too (at least conceptually: I haven't found an
> excuse to code in it), but not "widely-known" is perhaps even an
> understatement. I came across this site the other day:
> http://www.tiobe.com/index.htm?tiobe_index
> Which I thought pretty interesting. I noticed that Modula-3
> doesn't even make it into the top-100 popular languages, which
> puts it below Algol, Oberon, and Modula-2.
>

Interesting site. Guess which language in the top 20
has the most recently approved International standard?

--
Steve

Maxime Henrion

unread,
Mar 1, 2006, 6:42:10 PM3/1/06
to Wesley Shields, ar...@freebsd.org, cur...@freebsd.org, Lowell Gilbert, Kris Kennaway
Wesley Shields wrote:
> On Wed, Mar 01, 2006 at 04:17:08PM -0500, Kris Kennaway wrote:

> > On Wed, Mar 01, 2006 at 04:19:32PM -0500, Wesley Shields wrote:
> > > On Wed, Mar 01, 2006 at 03:33:41PM -0500, Lowell Gilbert wrote:
> > > > Scott Long <sco...@samsco.org> writes:
> > > >
> > > > > Maxime Henrion wrote:
> > > > > > Hey all,
> > > > > > I have released a new snapshot of csup a few minutes ago,
> > > > >
> > > > > [...]
> > > > >
> > > > > > - Executes (shell commands sent by the server, even more rarely
> > > > > > used),
> > > > >
> > > > > Are you joking?
> > > >
> > > > Are you asking whether he's joking about (1) the idea of ever
> > > > implementing it, (2) the fact that he hasn't done it yet, or
> > > > (3) the idea that it's rarely used? All of those sound
> > > > reasonable to me...
> > >
> > > I'm questioning (1) myself. This just seems like a bad idea from a
> > > security perspective. Of course, some kind of sanitization could
> > > mitigate the issue.
> >
> > Let's not lose sight of the fact that whoever runs the cvsup server
> > already owns your machine, since they're giving you unauthenticated
> > source code [1].
>
> You are right on this point. But on the scale of potentially bad things
> I think a rogue server sending commands that the client exectues is
> pretty close to a rogue server sending malicious source code. At least
> the source is easily verifiable and (in the case of the malicious source
> being inserted at the master site) has a good chance of being noticed.
>
> It's not that I'm 100% against this idea, but rather that I'd like to
> see the client be cautious of the possibility of a rogue server. Of
> course, this could all be the plan and I'm just raising a non-issue.

Just to make things straight, executes are always off by default, and
need to be explicitely enabled by the user. This is how it has always
been in CVSup, and there is no reason for csup to change that when it
will support executes. That said, the mail I sent wasn't about whether
I should implement executes or not. They are just part of the "missing
features" list.

Cheers,
Maxime

Mike Jakubik

unread,
Mar 1, 2006, 7:05:03 PM3/1/06
to Kövesdán Gábor, Maxime Henrion, ar...@freebsd.org, cur...@freebsd.org
Kövesdán Gábor wrote:
> Thanks a lot, csup is very great: fast and lightweight. :) CVSup was a
> huge pain to install. I hope you'll get enough donation to implement
> the cvs mode, too. :)

Not from my experience, last time i tried csup it was much slower than
cvsup, i hope this performance problem has been solved.

Maxime Henrion

unread,
Mar 1, 2006, 7:08:55 PM3/1/06
to Mike Jakubik, ar...@freebsd.org, K?vesd?n G?bor, cur...@freebsd.org
Mike Jakubik wrote:

> K?vesd?n G?bor wrote:
> >Thanks a lot, csup is very great: fast and lightweight. :) CVSup was a
> >huge pain to install. I hope you'll get enough donation to implement
> >the cvs mode, too. :)
>
> Not from my experience, last time i tried csup it was much slower than
> cvsup, i hope this performance problem has been solved.

Well you should try a recent version of it. In all the tests I have
been doing, csup has always been at least as fast as CVSup, and quite
often faster.

If the problem persists, you need to send me a precise and detailed
problem report.

Cheers,
Maxime

Mike Jakubik

unread,
Mar 1, 2006, 7:18:30 PM3/1/06
to Maxime Henrion, ar...@freebsd.org, K?vesd?n G?bor, cur...@freebsd.org
Maxime Henrion wrote:
> Mike Jakubik wrote:
>
>> K?vesd?n G?bor wrote:
>>
>>> Thanks a lot, csup is very great: fast and lightweight. :) CVSup was a
>>> huge pain to install. I hope you'll get enough donation to implement
>>> the cvs mode, too. :)
>>>
>> Not from my experience, last time i tried csup it was much slower than
>> cvsup, i hope this performance problem has been solved.
>>
>
> Well you should try a recent version of it. In all the tests I have
> been doing, csup has always been at least as fast as CVSup, and quite
> often faster.
>
> If the problem persists, you need to send me a precise and detailed
> problem report.
>

It was a while ago (i think when its existence was initially mentioned
on the lists), so im sure it has been addressed, but if i see any
problems, i will let you know.

Wesley Shields

unread,
Mar 1, 2006, 7:24:26 PM3/1/06
to Kris Kennaway, ar...@freebsd.org, cur...@freebsd.org, Lowell Gilbert
On Wed, Mar 01, 2006 at 04:17:08PM -0500, Kris Kennaway wrote:
> On Wed, Mar 01, 2006 at 04:19:32PM -0500, Wesley Shields wrote:
> > On Wed, Mar 01, 2006 at 03:33:41PM -0500, Lowell Gilbert wrote:
> > > Scott Long <sco...@samsco.org> writes:
> > >
> > > > Maxime Henrion wrote:
> > > > > Hey all,
> > > > > I have released a new snapshot of csup a few minutes ago,
> > > >
> > > > [...]
> > > >
> > > > > - Executes (shell commands sent by the server, even more rarely
> > > > > used),
> > > >
> > > > Are you joking?
> > >
> > > Are you asking whether he's joking about (1) the idea of ever
> > > implementing it, (2) the fact that he hasn't done it yet, or
> > > (3) the idea that it's rarely used? All of those sound
> > > reasonable to me...
> >
> > I'm questioning (1) myself. This just seems like a bad idea from a
> > security perspective. Of course, some kind of sanitization could
> > mitigate the issue.
>
> Let's not lose sight of the fact that whoever runs the cvsup server
> already owns your machine, since they're giving you unauthenticated
> source code [1].

You are right on this point. But on the scale of potentially bad things


I think a rogue server sending commands that the client exectues is
pretty close to a rogue server sending malicious source code. At least
the source is easily verifiable and (in the case of the malicious source
being inserted at the master site) has a good chance of being noticed.

It's not that I'm 100% against this idea, but rather that I'd like to
see the client be cautious of the possibility of a rogue server. Of
course, this could all be the plan and I'm just raising a non-issue.

> Kris


>
> [1] Please don't take this as an invitation to talk about how Someone
> Should Fix This, since it's not on the table until Someone first
> writes csupd :-)

I didn't see it as an invitation as I've seen it discussed many times
before. Either way, I'm very pleased to see a client written in C. :)

-- WXS

Paul Murphy

unread,
Mar 1, 2006, 8:06:39 PM3/1/06
to freebsd...@freebsd.org
Larry Rosenman wrote:
> Wilko Bulte wrote:
>> On Wed, Mar 01, 2006 at 07:40:32PM +0000, Poul-Henning Kamp wrote..
>>> In message <4405F791...@samsco.org>, Scott Long writes:
>>>
>>>> Bah, I'm so cool and retro-chic that I demand that csup communicate
>>>> to me via morse code telegraph. You sissy loosers with your fancy
>>>> text consoles are the definition of bourgeois oppulence!
>>>
>>> As long as I can feed the input via paper tape, I'm with you Scott.
>>
>> Only if it has a mechanical reader (with sensing pins for the holes).
>> An optical reader won't do
>
> Y'all are making me feel real old. I remember asr-33 teletypes as my
> main access to my high schools computer for the first 2 years I was
> there.
>
> LER

I remember, back in the day, all the CS kids walking around with huge
stacks of PUNCH-CARDS.

Patrick Bowen

unread,
Mar 1, 2006, 8:26:57 PM3/1/06
to freebsd...@freebsd.org
Paul Murphy wrote:

First computer I ever saw was programmed with a patch board...

PJB

Kenneth P. Stox

unread,
Mar 2, 2006, 1:55:45 AM3/2/06