From owner-freebsd-security@FreeBSD.ORG Fri Apr 11 18:12:09 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 306CDEE4; Fri, 11 Apr 2014 18:12:09 +0000 (UTC) Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "anubis.delphij.net", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 124E41B30; Fri, 11 Apr 2014 18:12:08 +0000 (UTC) Received: from zeta.ixsystems.com (unknown [69.198.165.132]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by anubis.delphij.net (Postfix) with ESMTPSA id 5BD12477C; Fri, 11 Apr 2014 11:12:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net; s=anubis; t=1397239927; bh=SgfmutnDiezbxz2NGF5hu2M1BM3Fcev55cHm72tihCQ=; h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To; b=By7z98Ym1dk5bmx0coEk/IXdbEvH4bWEJ8TRmOfVckC6M2jyecZxzuvkuHXKx/RrT G8uZfVLxKhycOrSvY15Bj8rfflX42B1CJzLcTgcaOvzMMUcG2s5AeCjEGhFvn8HV1k Qv5mvtB/EHH/hPLtpyt/6g5DP44HXA/vZqj6YFRg= Message-ID: <53483074.1050100@delphij.net> Date: Fri, 11 Apr 2014 11:12:04 -0700 From: Xin Li Organization: The FreeBSD Project MIME-Version: 1.0 To: David.I.Noel@gmail.com, Bryan Drewery Subject: Re: Retiring portsnap [was MITM attacks against portsnap and freebsd-update] References: <53472B7F.5090001@FreeBSD.org> In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org, secteam , security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: d@delphij.net List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Apr 2014 18:12:09 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 04/11/14 09:08, David Noel wrote: >> Your report aside, I find portsnap to be far superior in security >> for ports and users. > > If you look at the portsnap build code you'll see that the first > thing portsnap does is pull the ports tree from Subversion. It uses > the URL svn://svn.freebsd.org/ports. By not using ssl or svn+ssh > the entire ports archive is exposed to corruption right from the > start. Just to clarify -- this is not entirely true. I have double checked and confirmed that the snapshot builder of portsnap at FreeBSD.org uses svn over spiped transport. The configuration on svn do not necessarily reflect what's running in production (however you brought a very good point that it's a good idea to bring them public assuming there is no sensitive information in them so anyone can review them). Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBCgAGBQJTSDB0AAoJEJW2GBstM+nsuWYP/1e49M6TfYQpDwr2ufOuF+a5 IfDcgRyFrW/aPEoJwF6zqCNCyz9HhBxyoj8UkHqp371gjq1SSeHm7mx3/Md10rFX Y9kwwVFNUelN3Xa4a158o2m3/rxWiJaloTLPI75q6WhQnXQlgxYmsqiPywiRXRUk 0jQI7OkzEa3f2ntC4oCEKdBkwPxpcI+FGFk7jI/1NofzPZpZqDxDXsgzRoWe1Xvc lH6uFOH3dxa6xGA2/zq9Av8NgqcS3ka9drcMrqWpMixWKT6btTjJ4hnqoZ2riFtO /FZ93TZs8Kydivk4N//qSR86a6T+Yg53zYMiSrobkOphTDk8ON4ooA8o689IWF1Y JZz20ROeTZ8BnEhK4TEm4yXGX3Py6DScfyklyFQfH3La8zOsZfYa1mwyy/9hYc/u xSZm4QKsQhKq4ou68UyFV1F2/gpEfrbYIpd4ybTnMpC8umE86tjBmFmCDoqf7uKW z5aKwdMQOa3CWSC0RrT9W55wNVO/R0YGM7qG5nqm1YjQajUGMlub2ntLiOTt3STT 2VMDHP7YzNRQU7SDbGCqA2NrVPur57I7uavHgEbKiwtKmuWWip1Nlyv3tyFZvwIZ 8X6pBpi1Ddj06Vy/KydKomn4zBvw1bZ4l/I55yF7/QAgbkW64brbdx/TGLmItHNP bclldphPPDj12yzaz1so =ofjA -----END PGP SIGNATURE-----