Date: Wed, 21 Nov 2012 14:19:59 +1100
From: Peter Jeremy
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]

On 2012-Nov-20 11:30:59 -0500, Gary Palmer wrote:
>On Tue, Nov 20, 2012 at 11:26:42AM -0500, Eitan Adler wrote:
>> On 20 November 2012 04:54, xenophon+freebsd wrote:
>> >> As of now:
>> >>
>> >> - SVN is *the* source of truth.
>> >
>> > Would it be possible to publish FreeBSD's Subversion repository using
>> > HTTPS, instead of HTTP?
>>
>> %svn ls https://svn0.us-west.FreeBSD.org/base/
>
>You will get a certificate warning. The certificates used do not
>appear to be officially signed by a recognised CA. The hashes of the
>certificate keys are on the mirror website I pointed out in my email

The certificates are self-signed. Whilst the hashes are published on
the FreeBSD website, that site is only available via HTTP so there's
still a bootstrap issue - which I don't have a general solution for.

-- 
Peter Jeremy