Date: Tue, 20 Nov 2012 15:45:20 +0000 From: Matthew Seaman <matthew@freebsd.org> To: freebsd-security@freebsd.org Subject: Re: Recent security announcement and csup/cvsup? Message-ID: <50ABA590.5090600@freebsd.org> In-Reply-To: <20121120100148.GA93826@roberto-aw.eurocontrol.fr> References: <20121117150556.GE24320@in-addr.com> <alpine.BSF.2.00.1211171705170.32838@m.fuglos.org> <20121118180421.GF24320@in-addr.com> <20121120100148.GA93826@roberto-aw.eurocontrol.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20/11/2012 10:01, Ollivier Robert wrote: > According to Gary Palmer on Sun, Nov 18, 2012 at 01:04:21PM -0500: >> > In other words: while signed updates via freebsd-update and portsnap >> > are great for a good chunk of users, they don't address everyones needs. > Hopefully, with the move toward kngng, there will be less need of portsnap (and /usr/ports for that matter). kngng? I had visions of Kerberized pkgng there for a moment... pkgng will have a crypto-signing mechanism for packages with per-repository public keys and so forth. It's not there yet -- stuff is awaiting review by security team people, who are (even moreso, given current events) generally insanely busy. This will allow everyone to be confident that the packages they install are as generated on the build system used to generate them. Which won't help at all if an attacker can subvert either the mechanisms by which the build system gets its source code[*], or the source repositories that code comes from -- and remember, since this is the ports, that code comes from all sorts of places of greater and lesser security. In that sense, pkgng offers no fundamental security advantage over using the ports directly yourself. pkgng will be more convenient and a lot quicker, but it isn't meant to entirely replace the ports. Cheers, Matthew [*] Including faking the SHA checksums of the distfiles, which is a little extra step that seems to elude most attackers and that has resulted in uncovering such attacks in the past.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50ABA590.5090600>