From: Warren Block
Date: Sat, 2 Feb 2013 22:49:03 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r40872 - head/en_US.ISO8859-1/books/handbook/mirrors

Author: wblock
Date: Sat Feb 2 22:49:03 2013
New Revision: 40872
URL: http://svnweb.freebsd.org/changeset/doc/40872

Log:
  Add information on preferred protocols and HTTPS fingerprint verification
  to the Subversion Mirror Sites section.

  Reviewed by: simon (slightly earlier version)

Modified:
  head/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml Sat Feb 2 14:52:15 2013 (r40871) +++ head/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml Sat Feb 2 22:49:03 2013 (r40872) @@ -669,7 +669,7 @@ present but was not created by svn, remember to rename or delete it before the checkout. - &prompt.root; svn checkout https://svn0.us-west.FreeBSD.org/ports/head /usr/ports + &prompt.root; svn checkout https://svn0.us-west.FreeBSD.org/ports/head /usr/ports Because the initial checkout has to download the full branch of the remote repository, it can take a while. Please @@ -716,7 +716,7 @@ - <application>Subversion</application> Sites + <application>Subversion</application> Mirror Sites Subversion Repository 
@@ -791,6 +791,42 @@ + + HTTPS is the preferred protocol, + providing protection against another computer pretending to be + the &os; mirror (commonly known as a man in the + middle attack) or otherwise trying to send bad content + to the end user. + + On the first connection to an HTTPS + mirror, the user will be asked to verify the server + fingerprint: + + Error validating server certificate for 'https://svn0.us-west.freebsd.org:443': + - The certificate is not issued by a trusted authority. Use the + fingerprint to validate the certificate manually! +Certificate information: + - Hostname: svnmir.ysv.FreeBSD.org + - Valid: from Fri, 24 Aug 2012 22:04:04 GMT until Sat, 24 Aug 2013 22:04:04 GMT + - Issuer: clusteradm, FreeBSD.org, CA, US + - Fingerprint: 79:35:8f:ca:6d:34:d9:30:44:d1:00:af:33:4d:e6:11:44:4d:15:ec +(R)eject, accept (t)emporarily or accept (p)ermanently? + + Compare the fingerprint shown to those listed in the table + above. If the fingerprint matches, the server security + certificate can be accepted temporarily or permanently. A + temporary certificate will expire after a single session with + the server, and the verification step will be repeated on the + next connection. Accepting the certificate permanently will + store the authentication credentials in + ~/.subversion/auth/ and + the user will not be asked to verify the fingerprint again until + the certificate expires. + + If HTTPS cannot be used due to firewall + or other problems, SVN is the next choice, + with slightly faster transfers. When neither can be used, use + HTTP.
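
Review bot: In the @@ -791,6 +791,42 @@ hunk, the closing paragraph offers SVN and then HTTP as fallbacks without saying that neither provides the protection against a machine impersonating the mirror that the first added paragraph credits to HTTPS, so a reader behind a firewall gets no hint of what the fallback gives up. Suggest one sentence there stating that the fingerprint check does not apply to those protocols. Two wording points in the same hunk: "A temporary certificate will expire after a single session" describes the acceptance rather than the certificate and would read more accurately as "A certificate accepted temporarily ..."; and the sample output shows "Hostname: svnmir.ysv.FreeBSD.org" for a connection to svn0.us-west.freebsd.org with no explanation, which a user comparing the output against the table may read as a mismatch. A short remark that the fingerprint, not the hostname line, is what gets compared would settle that.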