From: Steve O'Hara-Smith
To: Colin Percival
Date: Tue, 18 Nov 2003 20:40:56 +0100
Subject: Re: Secure updating of OS and ports
Message-Id: <20031118204056.66a9cf7a.steve@sohara.org>

On Tue, 18 Nov 2003 16:42:52 +0000
Colin Percival wrote:

...

CP> segments on which the above reside. It's *almost* as secure as http
CP> -- but not quite, since the mirror system provides another point of
CP> attack.
CP> If everyone used ssh tunnels to cvsup-master, this wouldn't be an
CP> issue...
but that isn't an option.

You could raise the bar by pulling the repository from one mirror
and the source tree from another and doing a cvs diff. Refer to the
mirrors by IP address to push the DNS issue out of the way. Confirm
connections with netstat -anf inet once established. Wait 24 hours before
deploying - if anything got through that lot it is likely to be widespread
and noticed or someone very determined who has it in for you.

-- 
C:>WIN                                      | Directable Mirrors
The computer obeys and wins.                |A Better Way To Focus The Sun
You lose and Bill collects.                 |    licenses available - see:
                                            |    http://www.sohara.org/
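
The cross-check described in the message above, as an added example that is not part of the original post. It is a variation: instead of running cvs diff against a repository, it compares two source trees already fetched from different mirrors by SHA-256 digest, and enforces the 24-hour hold. The function names, SKIP_DIRS and the directory arguments are hypothetical.

```python
"""Cross-check two source trees fetched from different mirrors (added example)."""
import hashlib
import os
import time

HOLD_SECONDS = 24 * 3600   # the 24-hour wait suggested in the message
SKIP_DIRS = {"CVS"}        # assumption: CVS admin dirs name the mirror, so they always differ


def manifest(root):
    """Map each relative file path under root to the SHA-256 of its contents."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune skipped directories in place so os.walk does not descend into them.
        dirnames[:] = sorted(d for d in dirnames if d not in SKIP_DIRS)
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.islink(path):
                # Hash the link's target path; never follow it out of the tree.
                target = os.readlink(path).encode()
                digests[rel] = "link:" + hashlib.sha256(target).hexdigest()
                continue
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def compare_trees(tree_a, tree_b):
    """Return (only_in_a, only_in_b, differing) as sorted lists of relative paths."""
    a, b = manifest(tree_a), manifest(tree_b)
    only_a = sorted(set(a) - set(b))
    only_b = sorted(set(b) - set(a))
    differing = sorted(p for p in set(a) & set(b) if a[p] != b[p])
    return only_a, only_b, differing


def safe_to_deploy(tree_a, tree_b, fetched_at, now=None):
    """True only if the trees match exactly and the hold period has elapsed."""
    now = time.time() if now is None else now
    only_a, only_b, differing = compare_trees(tree_a, tree_b)
    return not (only_a or only_b or differing) and now - fetched_at >= HOLD_SECONDS
```

A file missing from one tree is reported as well as one whose contents differ, since a file added on a single mirror is as relevant here as a modified one.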