From owner-freebsd-questions@FreeBSD.ORG  Fri Sep 28 20:39:35 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A8B0A1065670
	for <freebsd-questions@FreeBSD.org>;
	Fri, 28 Sep 2012 20:39:35 +0000 (UTC)
	(envelope-from matthew@FreeBSD.org)
Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk
	[IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78])
	by mx1.freebsd.org (Postfix) with ESMTP id 21F1F8FC12
	for <freebsd-questions@FreeBSD.org>;
	Fri, 28 Sep 2012 20:39:34 +0000 (UTC)
Received: from seedling.local (host86-143-179-50.range86-143.btcentralplus.com
	[86.143.179.50]) (authenticated bits=0)
	by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id
	q8SKdKaJ021474
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
	Fri, 28 Sep 2012 21:39:30 +0100 (BST)
	(envelope-from matthew@FreeBSD.org)
X-DKIM: OpenDKIM Filter v2.5.2 smtp.infracaninophile.co.uk q8SKdKaJ021474
Authentication-Results: smtp.infracaninophile.co.uk/q8SKdKaJ021474;
	dkim=none (no signature); dkim-adsp=none
X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host
	host86-143-179-50.range86-143.btcentralplus.com [86.143.179.50]
	claimed to be seedling.local
Message-ID: <50660AEF.2010301@FreeBSD.org>
Date: Fri, 28 Sep 2012 21:39:11 +0100
From: Matthew Seaman <matthew@FreeBSD.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
	rv:15.0) Gecko/20120907 Thunderbird/15.0.1
MIME-Version: 1.0
To: Ed Flecko <edflecko@gmail.com>
References: <CAFS4T6bMvrPFBECkT_dOZd4XWTAFt_-j62fO1C8YS8C38wpNXw@mail.gmail.com>
	<alpine.BSF.2.00.1209280014410.2700@mail.fig.ol.no>
	<CAFS4T6YPpZTRRjOVmSxE8L3D4w1SMFT4_W8GEJogUODRuwKmxw@mail.gmail.com>
	<alpine.BSF.2.00.1209280100460.2700@mail.fig.ol.no>
	<20120928102822.GD2389@kontrol.kode5.net>
	<alpine.BSF.2.00.1209281237010.2700@mail.fig.ol.no>
	<20120928115700.GE2389@kontrol.kode5.net>
	<CAFS4T6bxr+tZbMXF9Kr+n+mRTZQuPtbtAK2QSHDwoy=pmnDOrg@mail.gmail.com>
	<CAHAXwYD+oohtWcYjeN+iHWfJonWaK7Jo1hcqtbMECM=AhAQ6sw@mail.gmail.com>
	<CAFS4T6YzbqQuqiHmyQdNtmS9OW_Kyodx46wT5wYgCk2p1bF=Eg@mail.gmail.com>
In-Reply-To: <CAFS4T6YzbqQuqiHmyQdNtmS9OW_Kyodx46wT5wYgCk2p1bF=Eg@mail.gmail.com>
X-Enigmail-Version: 1.4.4
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enigFF40796CB93DE82FDAE78BC9"
X-Virus-Scanned: clamav-milter 0.97.6 at lucid-nonsense.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=4.4 required=5.0 tests=BAYES_00,RCVD_IN_PBL,
	RCVD_IN_RP_RNBL, RCVD_IN_SORBS_DUL, RDNS_DYNAMIC,
	SPF_SOFTFAIL autolearn=no version=3.3.2
X-Spam-Level: ****
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	lucid-nonsense.infracaninophile.co.uk
Cc: freebsd-questions@FreeBSD.org
Subject: Re: svn checkout "head" or "stable"
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Sep 2012 20:39:35 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigFF40796CB93DE82FDAE78BC9
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 28/09/2012 20:41, Ed Flecko wrote:
> David - I'd like to, but every time I try that it prompts me for a
> password...and I don't know what password it wants???

That would be the password to a freebsd.org account, which isn't going
to work for most people on two counts:

   * freebsd.org uses SSH keys for authentication, not passwords.

   * even if you've got a SSH key, not being a FreeBSD committer you
     probably don't have a freebsd.org account.

For anonymous access, you can use http or svn.  Given that anonymous
access is read-only, there's really not much to be gained from SSH or
other means of encrypting the connection, either for you, or for the
FreeBSD servers.  It's anonymous, so you don't care about
authentication.  FreeBSD sources are publicly available, so you don't
care about anyone eavesdropping on the traffic.  About the only thing
you're still exposed to is a man-in-the-middle attack, where someone
could pose as a FreeBSD server and feed you a trojanned set of sources
-- but then, you'ld still be exposed in exactly the same way even using
svn+ssh.  In practice, attacks of this type are very (pretty much
vanishingly) rare.  If they do concern you, then use portsnap(8) /
freebsd-update(8) which has specific cryptographic protection against
such things.  The portsnap and freebsd-update build systems also have
special access to the master FreeBSD repositories to minimize the
chances that they themselves could be fed trojanned sources.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey



--------------enigFF40796CB93DE82FDAE78BC9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBmCvcACgkQ8Mjk52CukIw94wCdFfY1TIHrPZvTZb1xb4KelM8u
G3IAnjl1Xf3m6EU6Z8V6BgkiEyg7AfmV
=+60g
-----END PGP SIGNATURE-----

--------------enigFF40796CB93DE82FDAE78BC9--