From owner-freebsd-security@FreeBSD.ORG  Sun Apr 13 14:34:01 2014
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id F3754B73;
 Sun, 13 Apr 2014 14:34:00 +0000 (UTC)
Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173])
 by mx1.freebsd.org (Postfix) with ESMTP id C573114C1;
 Sun, 13 Apr 2014 14:34:00 +0000 (UTC)
Received: from lowell-desk.lan (lowell-desk.lan [172.30.250.41])
 by be-well.ilk.org (Postfix) with ESMTP id 4927933C49;
 Sun, 13 Apr 2014 10:33:55 -0400 (EDT)
Received: by lowell-desk.lan (Postfix, from userid 1147)
 id 1C82039846; Sun, 13 Apr 2014 10:33:53 -0400 (EDT)
From: Lowell Gilbert <freebsd-security-local@be-well.ilk.org>
To: David.I.Noel@gmail.com
Subject: Re: Retiring portsnap [was MITM attacks against portsnap and
 freebsd-update]
References: <CAHAXwYCGkP-o0VvMXj5S8-KNA45aTvy+srjDL_=8-x9Dza5z5Q@mail.gmail.com>
 <53472B7F.5090001@FreeBSD.org>
 <CAHAXwYDdxbRimwjvPf+5odYUUN4u4rNzdEkEmWwZN97mi1riEg@mail.gmail.com>
 <53483074.1050100@delphij.net>
 <CAHAXwYDhxmEwxtBLyZF1R1F8XENsq4FbpzVy89BN8f+RYU74KA@mail.gmail.com>
Date: Sun, 13 Apr 2014 10:33:53 -0400
In-Reply-To: <CAHAXwYDhxmEwxtBLyZF1R1F8XENsq4FbpzVy89BN8f+RYU74KA@mail.gmail.com>
 (David Noel's message of "Fri, 11 Apr 2014 15:23:01 -0500")
Message-ID: <44bnw5uwmm.fsf@lowell-desk.lan>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain
Cc: freebsd-security@freebsd.org, security@freebsd.org
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Apr 2014 14:34:01 -0000

David Noel <david.i.noel@gmail.com> writes:

> My main point was that if you don't trust Subversion it makes no sense
> to say you trust portsnap. Portsnap pulls the ports tree from
> Subversion. Using Subversion! The portsnap system relies on the trust
> of both svnadmin and svn. Just as it does when you run svn co and svn
> up. If you say you don't trust Subversion, essentially what you're
> saying is that you don't trust anything running on your computer.

You were talking about MITM attacks. Portsnap uses secured access for
getting updates out of Subversion, whereas doing "svn co" remotely
generally does not. This is not a trivial point.