From owner-freebsd-questions@FreeBSD.ORG Sun Aug 26 08:22:21 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 26F3216A418 for ; Sun, 26 Aug 2007 08:22:21 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [IPv6:2001:8b0:151:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id 7C89F13C47E for ; Sun, 26 Aug 2007 08:22:20 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost.infracaninophile.co.uk [IPv6:::1]) by smtp.infracaninophile.co.uk (8.14.1/8.14.1) with ESMTP id l7Q8MF0u045106; Sun, 26 Aug 2007 09:22:15 +0100 (BST) (envelope-from m.seaman@infracaninophile.co.uk) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=infracaninophile.co.uk; s=200708; t=1188116535; bh=RdQYmGioFp1h0e Nl8fbbY2upW7+vKyhnd6fg71KEcIk=; h=Message-ID:Date:From:Organization: User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To: X-Enigmail-Version:Content-Type:Content-Transfer-Encoding:Cc: Content-Type:Date:From:In-Reply-To:Message-ID:Mime-Version: References:To; b=nvZyISXCxJSuHQgzU8zo1QvffXfGo9/UCYQhT4I6lPGXmxN7F q/nPPm6GN75zOG/9EL4/hgo/mERdk5ukf+lud+uT71ox+Zjn9Hcxstq+CfmY7bFdn19 MDIurLLDCfFyEiq3DEAlK96mKLCEnlGcPNYNTnHmeahvoU8dQVR0YGg= Message-ID: <46D13836.6070006@infracaninophile.co.uk> Date: Sun, 26 Aug 2007 09:22:14 +0100 From: Matthew Seaman Organization: Infracaninophile User-Agent: Thunderbird 2.0.0.6 (X11/20070803) MIME-Version: 1.0 To: Martin Laabs References: In-Reply-To: X-Enigmail-Version: 0.95.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (smtp.infracaninophile.co.uk [IPv6:::1]); Sun, 26 Aug 2007 09:22:15 +0100 (BST) X-Virus-Scanned: ClamAV 0.91.1/4064/Sun Aug 26 02:30:46 2007 on happy-idiot-talk.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.9 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VERIFIED,NO_RELAYS autolearn=ham version=3.2.3 X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on happy-idiot-talk.infracaninophile.co.uk Cc: freebsd-questions@freebsd.org Subject: Re: secure /usr/src update X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Aug 2007 08:22:21 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Martin Laabs wrote: > as far as I know neither CVSup, CTM nor (anonymous) CVS support any > kind of (cryptographic) signing or encryption. > Now I'd like to know if it is possible to obtain or update the base system > in a secure and reliable way at all. For the ports collection there is > portsnap which seems for me - in respect to the security issue - well > concepted. http://www.daemonology.net/freebsd-update/ although that page is now legacy, as FreeBSD update is a fully blessed part of the base system in 6.2+ It's from the same person (Colin Percival) who bought us portsnap, and he just happens to be FreeBSD security office too... Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG0Tg28Mjk52CukIwRCJb6AKCU8nfoipsiat6GOCEEoO/9W7ntxwCeJWch m52WDdhBauNUdo26in193yo= =H16f -----END PGP SIGNATURE-----