Date: Wed, 21 Nov 2012 06:18:13 +0000 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-security@freebsd.org Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] Message-ID: <50AC7225.2070906@FreeBSD.org> In-Reply-To: <20121121033750.48D8B2B723EB@drugs.dv.isc.org> References: <CAD2Ti29UoFcHendR8CcdQ4FPNW1HH0O47B1i3JW00Lke2m2POg@mail.gmail.com> <CAJ-VmonryjAOW-Ty%2Bs3wj6BfWiQzxSL-waEYnQ5wLv4eFjQ_4Q@mail.gmail.com> <20121120030445.GA38037@zjl.local> <CAF6rxgkcuCRssMniTSapK92aJOkcg996tF2o22yuKG1pt6mbdQ@mail.gmail.com> <BABF8C57A778F04791343E5601659908236D2B@cinip100ntsbs.irtnog.net> <CAF6rxg=RLBm=RDh=WxqwJV2F9LxwC8vExDabAjiyycLrZvu2Hw@mail.gmail.com> <20121120163059.GD88593@in-addr.com> <20121121031959.GA30708@server.rulingia.com> <20121121033750.48D8B2B723EB@drugs.dv.isc.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigF34D7DB1FB0961A1817C83B4 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 21/11/2012 03:37, Mark Andrews wrote: >> The certificates are self-signed. Whilst the hashes are published on >> > the FreeBSD website, that site is only available via HTTP so there's= >> > still a bootstrap issue - which I don't have a general solution for.= > See DANE, RFC 6698. Which means getting the FreeBSD.org domain signed using DNSSEC. Something I'd be very happy to see. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey --------------enigF34D7DB1FB0961A1817C83B4 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlCsci4ACgkQ8Mjk52CukIxNogCfe9PZry+ejaa86Us5ueQhFHw+ ioEAn09lasIPuDPYeluU8x4RMh7SBKg7 =A+ww -----END PGP SIGNATURE----- --------------enigF34D7DB1FB0961A1817C83B4--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50AC7225.2070906>