Date: Fri, 19 Aug 2005 09:53:36 -0400 From: Kris Kennaway <kris@obsecurity.org> To: "O. Hartmann" <ohartman@mail.uni-mainz.de> Cc: freebsd-questions@freebsd.org Subject: Re: portsnap, only for ports? Message-ID: <20050819135336.GA80271@xor.obsecurity.org> In-Reply-To: <4305B88D.3030202@mail.uni-mainz.de> References: <4305B88D.3030202@mail.uni-mainz.de>
next in thread | previous in thread | raw e-mail | index | archive | help
--5mCyUwZo2JvN/JJP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Aug 19, 2005 at 12:46:37PM +0200, O. Hartmann wrote: > Hello. > I have some questions about portsnap. The intention of portsnap seems to= =20 > be reasonable. But I miss a similar facility updating the operating=20 > system! One of the major arguments using portsnap is to avoid the=20 > intrusion of malicous code, injected via a 'man in the middle'. Thinking= =20 > of so called root-kits it makes more sense to me securing the updates of= =20 > source code of the operating system also or at first place. Are there=20 > any plans doing so? Or alternatives? I still use CVS updating the source= =20 > code. Stick to releases, which have signed MD5 checksums that you can verify prior to installing. Kris --5mCyUwZo2JvN/JJP Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDBeRgWry0BWjoQKURAtqCAKDWxbbDdzYZxE0vOuIeHo/rdg7v/gCg1Ssl WafSZfKGMYdQ5MKUqRLi6lA= =HELE -----END PGP SIGNATURE----- --5mCyUwZo2JvN/JJP--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050819135336.GA80271>