Date:      Mon, 23 Jun 2003 11:04:15 +0100
From:      Colin Percival <colin.percival@wadham.ox.ac.uk>
To:        ultraviolet@epweb.co.za, chat@freebsd.org
Subject:   Re: Cryptographically enabled ports tree.
Message-ID:  <5.0.2.1.1.20030623105821.02cfd9c0@popserver.sfu.ca>
In-Reply-To: <20030623072418.GF18653@tulip.epweb.co.za>
References:  <5.0.2.1.1.20030622084009.01c8d600@popserver.sfu.ca> <5.0.2.1.1.20030622044124.02cc0948@popserver.sfu.ca> <5.0.2.1.1.20030622022111.02c1cdf8@popserver.sfu.ca> <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> <20030621163835.GA18653@tulip.epweb.co.za> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca> <5.0.2.1.1.20030622022111.02c1cdf8@popserver.sfu.ca> <5.0.2.1.1.20030622044124.02cc0948@popserver.sfu.ca> <5.0.2.1.1.20030622084009.01c8d600@popserver.sfu.ca>

At 09:24 23/06/2003 +0200, William Fletcher wrote:
>No use signing if cvsup is a mess.

   False.  If the ports tree is signed, people can verify its integrity 
regardless of how they obtain it.

>We need cvsup-ssl. Then, all the big security guys need to do
>is provide a public key for the cvsup-mirrors, which then get
>the public key for the big cvsup server, etc.
>
>That way, cvsup is secure, and we can trust it.

   Not good enough.  Cvsup-ssl would secure the cvsup process itself, but 
it would not protect against a malicious or damaged cvsup mirror.  We need 
end-to-end signing -- the ports tree should be signed on freefall or 
cvsup-master, and verified by the end users.

Colin Percival
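
The end-to-end check described in the message above, as an added example that is not part of the original e-mail or of any FreeBSD tooling: the origin signs a manifest of the tree and the end user verifies it over the files actually received. Ed25519, the manifest format and the sample paths and contents are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"sort"
)

// Tree maps a relative path to file contents (constructed stand-in for a ports tree).
type Tree map[string][]byte

// Manifest lists "sha256  path" for every file, sorted by path, so that any
// changed, added or removed file changes the bytes that get signed.
func Manifest(t Tree) []byte {
	paths := make([]string, 0, len(t))
	for p := range t {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	var m []byte
	for _, p := range paths {
		m = append(m, fmt.Sprintf("%x  %s\n", sha256.Sum256(t[p]), p)...)
	}
	return m
}

// SignTree runs once at the origin (the master server) with the private key.
func SignTree(priv ed25519.PrivateKey, t Tree) []byte {
	return ed25519.Sign(priv, Manifest(t))
}

// VerifyTree runs on the end user's machine over the files actually received,
// so neither the mirror nor the transport has to be trusted.
func VerifyTree(pub ed25519.PublicKey, t Tree, sig []byte) bool {
	return ed25519.Verify(pub, Manifest(t), sig)
}

// Demo verifies one signature against an intact copy and a copy altered on a mirror.
func Demo() (intact, altered bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	origin := Tree{"security/example/Makefile": []byte("PORTNAME=example\n"),
		"security/example/distinfo": []byte("constructed checksum line\n")}
	sig := SignTree(priv, origin)
	mirror := Tree{"security/example/Makefile": origin["security/example/Makefile"],
		"security/example/distinfo": []byte("different checksum line\n")}
	return VerifyTree(pub, origin, sig), VerifyTree(pub, mirror, sig)
}

func main() { fmt.Println(Demo()) }
```

The public key has to reach the end user by a path that does not go through the mirror being checked; a TLS-protected transfer from that mirror would deliver the altered copy just as reliably as the intact one.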