From owner-freebsd-questions@FreeBSD.ORG  Sun Jan 13 19:30:21 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3B13716A417
	for <freebsd-questions@freebsd.org>;
	Sun, 13 Jan 2008 19:30:21 +0000 (UTC)
	(envelope-from fbsd06+SD=a103e584@mlists.homeunix.com)
Received: from turtle-out.mxes.net (turtle-out.mxes.net [216.86.168.191])
	by mx1.freebsd.org (Postfix) with ESMTP id 0947613C465
	for <freebsd-questions@freebsd.org>;
	Sun, 13 Jan 2008 19:30:20 +0000 (UTC)
	(envelope-from fbsd06+SD=a103e584@mlists.homeunix.com)
Received: from mxout-04.mxes.net (mxout-04.mxes.net [216.86.168.179])
	by turtle-in.mxes.net (Postfix) with ESMTP id 10C69163F5F
	for <freebsd-questions@freebsd.org>;
	Sun, 13 Jan 2008 14:11:39 -0500 (EST)
Received: from gumby.homeunix.com. (unknown [87.81.140.128])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.mxes.net (Postfix) with ESMTP id 44DBED05B8
	for <freebsd-questions@freebsd.org>;
	Sun, 13 Jan 2008 14:11:36 -0500 (EST)
Date: Sun, 13 Jan 2008 19:11:29 +0000
From: RW <fbsd06@mlists.homeunix.com>
To: freebsd-questions@freebsd.org
Message-ID: <20080113191129.7b56c32f@gumby.homeunix.com.>
In-Reply-To: <cb5b777d0801130217r6467751ay634d0111617afc05@mail.gmail.com>
References: <cb5b777d0801130217r6467751ay634d0111617afc05@mail.gmail.com>
X-Mailer: Claws Mail 3.0.2 (GTK+ 2.12.5; i386-portbld-freebsd7.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: Secure update of /usr/src
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Jan 2008 19:30:21 -0000

On Sun, 13 Jan 2008 11:17:13 +0100
"=E6=96=87=E9=B3=A5" <bunchou@googlemail.com> wrote:

> Hello all,
>=20
> is there any way to securely follow the STABLE branch of FreeBSD, e.g.
> a cryptographically signed distribution method like portsnap? Afaik,
> the usual update methods (CVSup, etc.) do not include any
> authentication / integrity checking. Am I missing something here?

I guess you could use anonymous cvs over ssh. The servers and their
fingerprints are listed in the Handbook.