From owner-freebsd-chat@FreeBSD.ORG Mon Jun 23 03:04:31 2003
Message-Id: <5.0.2.1.1.20030623105821.02cfd9c0@popserver.sfu.ca>
Date: Mon, 23 Jun 2003 11:04:15 +0100
To: ultraviolet@epweb.co.za, chat@freebsd.org
From: Colin Percival
In-Reply-To: <20030623072418.GF18653@tulip.epweb.co.za>
Subject: Re: Cryptographically enabled ports tree.

At 09:24 23/06/2003 +0200, William Fletcher wrote:
>No use signing if cvsup is a mess.

False. If the ports tree is signed, people can verify its integrity regardless of how they obtain it.

>We need cvsup-ssl, Then, all the big security guys need to do
>is provide a public key for the cvsup-mirrors, which then get
>the public key for the big cvsup server, etc.
>
>That way, cvsup is secure, and we can trust it.

Not good enough. Cvsup-ssl would secure the cvsup process itself, but it would not protect against a malicious or damaged cvsup mirror. We need end-to-end signing -- the ports tree should be signed on freefall or cvsup-master, and verified by the end users.

Colin Percival
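
The end-to-end check argued for in the message above, as an added example that is not part of the original post or of any FreeBSD tool: the tree is hashed into a manifest digest and signed once on the master, and the end user verifies what actually arrived, whichever mirror delivered it. Assumptions: a Lamport one-time signature stands in for a real signature scheme so the sketch needs only the standard library, the public key reaches users out of band, and the file names and contents are constructed.

```python
import hashlib, secrets

def H(b):
    return hashlib.sha256(b).digest()

def manifest_digest(tree):
    """One digest over every path and file hash, in sorted path order."""
    h = hashlib.sha256()
    for path in sorted(tree):
        name = path.encode()
        h.update(len(name).to_bytes(4, "big") + name)  # length prefix: no ambiguity
        h.update(H(tree[path]))
    return h.digest()

def keygen():
    # Lamport one-time key: two secrets per digest bit; use for ONE signature only.
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def bits(digest):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, digest):
    return [sk[i][b] for i, b in enumerate(bits(digest))]

def verify(pk, digest, sig):
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(bits(digest)))

# Constructed sample tree as it exists on the signing host.
MASTER_TREE = {
    "ports/security/gnupg/Makefile": b"PORTNAME=gnupg\n",
    "ports/security/gnupg/distinfo": b"MD5 (gnupg.tar.gz) = <placeholder>\n",
}

def publish(tree):
    """Runs on the master: returns (public key, signature over the manifest)."""
    sk, pk = keygen()
    return pk, sign(sk, manifest_digest(tree))

def user_accepts(pk, sig, received_tree):
    """Runs on the end user's machine, after any transport or mirror."""
    return verify(pk, manifest_digest(received_tree), sig)

def demo():
    pk, sig = publish(MASTER_TREE)
    altered = dict(MASTER_TREE)  # what a damaged or malicious mirror serves
    altered["ports/security/gnupg/distinfo"] = b"MD5 (gnupg.tar.gz) = <changed>\n"
    return user_accepts(pk, sig, dict(MASTER_TREE)), user_accepts(pk, sig, altered)

if __name__ == "__main__":
    print(demo())
```

An encrypted link to the mirror would deliver both trees equally well; only the check on the user's side separates them.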