Date: Wed, 31 Jan 2007 15:41:42 -0800
From: Colin Percival
To: Peter Jeremy
Cc: cvs-ports@FreeBSD.org, Gabor Kovesdan, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/audio/gnump3d Makefile distinfo ports/devel/bglibs Makefile ports/devel/cppi Makefile ports/devel/cvsd Makefile ports/dns/walker Makefile distinfo ports/ftp/lftp Makefile distinfo ports/ftp/twoftpd Makefile ...
Message-id: <45C12936.4050004@freebsd.org>
In-reply-to: <20070130182032.GD892@turion.vk2pj.dyndns.org>
References: <200701291905.l0TJ57fG093002@repoman.freebsd.org> <20070130182032.GD892@turion.vk2pj.dyndns.org>

I replied to some people about this privately, but since it's still
being discussed on the list...

Peter Jeremy wrote:
> On Mon, 2007-Jan-29 19:05:07 +0000, Gabor Kovesdan wrote:
>> Our MD5 and SHA256 are good for checking both the sanity and the
>> trustiness of distfiles.
>
> Except that the MD5 and SHA256 checksums can't be totally trusted.
> There are a variety of MITM attacks which could allow someone to alter
> checksums stored on an end-user hosts. I think it's unfortunate that
> the security team was not involved in this decision.

Short answer: I wasn't involved in the discussion before this option was
removed, but I agree with its removal.

Long answer: I can't think of any circumstances where an attacker who
could play games with the distinfo files would not also be able to play
games with the Makefile logic -- i.e., USE_GPG protects against precisely
zero attackers. The correct place for GPG to be used is to make sure that
ports committers are committing the correct distinfo files in the first
place, and this wasn't what USE_GPG did (or would have done if it had ever
been committed, which it wasn't).

Colin Percival
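
An added example, not part of the original message or of the ports infrastructure, illustrating the point above: a distinfo check only binds a distfile to whatever distinfo arrived with the tree, so the protection has to come from authenticating distinfo itself. The distinfo line format is the one FreeBSD ports used for MD5, SHA256 and SIZE entries; the file name, contents and the `tree_digest` reference comparison are constructed assumptions.

```python
import hashlib
import re

# distinfo lines: "MD5 (file) = hex", "SHA256 (file) = hex", "SIZE (file) = n"
_LINE = re.compile(r"^(MD5|SHA256|SIZE) \((.+)\) = (\S+)$")

def fields(data):
    """Compute the three distinfo fields for a distfile's bytes."""
    return {"MD5": hashlib.md5(data).hexdigest(),
            "SHA256": hashlib.sha256(data).hexdigest(),
            "SIZE": str(len(data))}

def make_distinfo(name, data):
    """distinfo text as a committer would record it for `name`."""
    return "".join(f"{k} ({name}) = {v}\n" for k, v in fields(data).items())

def parse_distinfo(text):
    """Return {filename: {field: value}} for well-formed lines only."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            entries.setdefault(m.group(2), {})[m.group(1)] = m.group(3)
    return entries

def verify(distinfo_text, name, data):
    """True only if every field recorded for `name` matches `data`."""
    want = parse_distinfo(distinfo_text).get(name, {})
    if "SHA256" not in want:
        return False  # fail closed when no strong checksum is recorded
    got = fields(data)
    return all(got[k] == v for k, v in want.items())

def tree_digest(distinfo_text):
    """Digest of distinfo as delivered, to compare with an authenticated reference."""
    return hashlib.sha256(distinfo_text.encode()).hexdigest()

# Constructed sample data, not a real port.
NAME = "example-1.0.tar.gz"
GOOD, OTHER = b"upstream release bytes", b"different bytes"
COMMITTED = make_distinfo(NAME, GOOD)   # what the committer recorded
DELIVERED = make_distinfo(NAME, OTHER)  # tree copy that differs from it

if __name__ == "__main__":
    print(verify(COMMITTED, NAME, GOOD), verify(COMMITTED, NAME, OTHER))
    print(verify(DELIVERED, NAME, OTHER))  # consistent pair still passes
    print(tree_digest(DELIVERED) == tree_digest(COMMITTED))  # mismatch shows here
```

The per-file check catches a changed distfile only while distinfo matches what was committed; the mismatch in the last line is visible only against a reference that did not travel with the tree.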