From owner-freebsd-questions@FreeBSD.ORG Fri Aug 19 13:53:38 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D1DB316A41F for ; Fri, 19 Aug 2005 13:53:38 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from fileserver.fields.utoronto.ca (fileserver.fields.utoronto.ca [128.100.216.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 64B8743D49 for ; Fri, 19 Aug 2005 13:53:38 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from fields.fields.utoronto.ca (fields.localdomain [192.168.216.11]) by fileserver.fields.utoronto.ca (8.12.8/8.12.8/Fields 6.0) with ESMTP id j7JDrbvf010851 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 19 Aug 2005 09:53:37 -0400 Received: from obsecurity.dyndns.org (localhost.localdomain [127.0.0.1]) by fields.fields.utoronto.ca (8.12.8/8.12.8/Fields WS 6.0) with ESMTP id j7JDrb6P004214; Fri, 19 Aug 2005 09:53:37 -0400 Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id D9D5D5137D; Fri, 19 Aug 2005 09:53:36 -0400 (EDT) Date: Fri, 19 Aug 2005 09:53:36 -0400 From: Kris Kennaway To: "O. Hartmann" Message-ID: <20050819135336.GA80271@xor.obsecurity.org> References: <4305B88D.3030202@mail.uni-mainz.de> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="5mCyUwZo2JvN/JJP" Content-Disposition: inline In-Reply-To: <4305B88D.3030202@mail.uni-mainz.de> User-Agent: Mutt/1.4.2.1i Cc: freebsd-questions@freebsd.org Subject: Re: portsnap, only for ports? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Aug 2005 13:53:38 -0000 --5mCyUwZo2JvN/JJP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Aug 19, 2005 at 12:46:37PM +0200, O. Hartmann wrote: > Hello. > I have some questions about portsnap. The intention of portsnap seems to= =20 > be reasonable. But I miss a similar facility updating the operating=20 > system! One of the major arguments using portsnap is to avoid the=20 > intrusion of malicous code, injected via a 'man in the middle'. Thinking= =20 > of so called root-kits it makes more sense to me securing the updates of= =20 > source code of the operating system also or at first place. Are there=20 > any plans doing so? Or alternatives? I still use CVS updating the source= =20 > code. Stick to releases, which have signed MD5 checksums that you can verify prior to installing. Kris --5mCyUwZo2JvN/JJP Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDBeRgWry0BWjoQKURAtqCAKDWxbbDdzYZxE0vOuIeHo/rdg7v/gCg1Ssl WafSZfKGMYdQ5MKUqRLi6lA= =HELE -----END PGP SIGNATURE----- --5mCyUwZo2JvN/JJP--