From: Adrian Chadd
To: grarpamp
Cc: freebsd-hackers@freebsd.org, freebsd-hubs@freebsd.org, freebsd-questions@freebsd.org, freebsd-security@freebsd.org
Date: Sat, 17 Nov 2012 20:55:54 -0800
Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]
List-Id: "Security issues [members-only posting]"

[snip]

There's a git repository. It's public. You can look at what goes into the FreeBSD git clone to get your assurance that things aren't being snuck in. People are using it, right now.

Honestly, I'd rather see subversion grow this kind of cryptographic signing of each commit in the short term then migrate everyone over to git.

Those who want to use git can use it, right now. Honest.

Adrian