From owner-freebsd-questions@FreeBSD.ORG Sat Jan 16 18:42:09 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 129D31065679 for ; Sat, 16 Jan 2010 18:42:09 +0000 (UTC) (envelope-from lalev.angelin@gmail.com) Received: from mail-fx0-f227.google.com (mail-fx0-f227.google.com [209.85.220.227]) by mx1.freebsd.org (Postfix) with ESMTP id 9FE628FC0C for ; Sat, 16 Jan 2010 18:42:08 +0000 (UTC) Received: by fxm27 with SMTP id 27so1093379fxm.3 for ; Sat, 16 Jan 2010 10:42:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=VQm27YTori+wqe9tRmEopn3zqLswmmduVpvcrIXdj7Q=; b=uUYl2oNcC8VfR+mKjZ1b2I8Jil55dwQriFArgXGDe5PzB8vDy+C/mEq6hXF1ETSmhm Kyie3wFlzfLf0gU/J+yZFyqNfPofCzqTIEfpd9sIyOuhgBsR8NQcDV5KWXbuab6DJZkA zVypmZ+jOyTQn8bEP5jOmFiK7w7uFxE6uCBmY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=M4Z4u4BUIn7wiPVMCJawd5q6GM7FHbbV3PTb4rbezP9CswkAB05tvkqVKm0Sk1kyig hR6lroa3RngwMlf+nJL6mdizgafcM1jjcfHRqYF6sqMH6z5lPtEE97PBRdfF4hMox+Ld N429jcr/8xYE2hbjwl/SnJveavlQREVldZFE8= MIME-Version: 1.0 Received: by 10.239.191.145 with SMTP id b17mr396892hbi.72.1263667319971; Sat, 16 Jan 2010 10:41:59 -0800 (PST) Date: Sat, 16 Jan 2010 20:41:59 +0200 Message-ID: <532b03711001161041v2400389v915c0fee80dcd840@mail.gmail.com> From: Angelin Lalev To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: Secure method for fetching freebsd sources ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Jan 2010 18:42:09 -0000 Greetings, Which is the *secure* way of fetching freebsd sources? Cvsup looks prone to MiM attacks, CTM looks promising, but only if I have been member of the appropriate ctm list since the release of 8.0. (it seems that the ctm deltas on the ftp are not signed.). Do FreeBSD cvs servers support ssh instead of rsh access as OpenBSD server do? Other alternatives? Please note that this is not a theoretical question. I really have a system which i'll put in a place I don't trust, so I'll try to encrypt everything from the disk to the connections which I will use for updating.