From owner-freebsd-chat@FreeBSD.ORG  Sun Jun 22 00:46:50 2003
Return-Path: <owner-freebsd-chat@FreeBSD.ORG>
Delivered-To: freebsd-chat@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id AF8A537B401; Sun, 22 Jun 2003 00:46:50 -0700 (PDT)
Received: from mta05-svc.ntlworld.com (mta05-svc.ntlworld.com [62.253.162.45])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 43D5243FA3; Sun, 22 Jun 2003 00:46:49 -0700 (PDT)
	(envelope-from colin.percival@wadham.ox.ac.uk)
Received: from piii600.wadham.ox.ac.uk ([81.103.196.4])
	by mta05-svc.ntlworld.comESMTP
	<20030622074647.JRYY28183.mta05-svc.ntlworld.com@piii600.wadham.ox.ac.uk>;
	Sun, 22 Jun 2003 08:46:47 +0100
Message-Id: <5.0.2.1.1.20030622084009.01c8d600@popserver.sfu.ca>
X-Sender: cperciva@popserver.sfu.ca
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Sun, 22 Jun 2003 08:46:45 +0100
To: David Schultz <das@FreeBSD.org>
From: Colin Percival <colin.percival@wadham.ox.ac.uk>
In-Reply-To: <20030622055900.GA60949@HAL9000.homeunix.com>
References: <5.0.2.1.1.20030622044124.02cc0948@popserver.sfu.ca>
 <5.0.2.1.1.20030622022111.02c1cdf8@popserver.sfu.ca>
 <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca>
 <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca>
 <20030621163835.GA18653@tulip.epweb.co.za>
 <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca>
 <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca>
 <5.0.2.1.1.20030622022111.02c1cdf8@popserver.sfu.ca>
 <5.0.2.1.1.20030622044124.02cc0948@popserver.sfu.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
cc: chat@FreeBSD.org
Subject: Re: Cryptographically enabled ports tree.
X-BeenThere: freebsd-chat@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Non technical items related to the community
	<freebsd-chat.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chat>,
	<mailto:freebsd-chat-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-chat>
List-Post: <mailto:freebsd-chat@freebsd.org>
List-Help: <mailto:freebsd-chat-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chat>,
	<mailto:freebsd-chat-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Jun 2003 07:46:51 -0000

At 22:59 21/06/2003 -0700, David Schultz wrote:
>If you just want to know that the bits you have came from
>freebsd.org, that's another thing.  The technology to do that
>already exists in cvsup, as long as you trust the mirrors.  (Most
>of them probably don't use authentication right now, but that can
>be fixed, I'm sure, if enough people are concerned about it.)

   Well, sort of.  The authentication in cvsup relies upon starting with a 
shared secret, which isn't an option for the general public.

>If your whole point is that you don't trust the mirrors, then maybe
>you have a case for signing deltas on the master...

   Exactly.  I might, grudgingly, be willing to trust the people who run 
the cvsup mirrors -- although I'd really rather not -- but trusting the 
security, physical and electronic, of the mirrors is quite a different matter.

Colin Percival