From owner-freebsd-current@freebsd.org Wed Dec 30 05:07:54 2020 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4FA494D694A for ; Wed, 30 Dec 2020 05:07:54 +0000 (UTC) (envelope-from bsd-lists@bsdforge.com) Received: from udns.ultimatedns.net (static-24-113-41-81.wavecable.com [24.113.41.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "ultimatedns.net", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4D5K6f0FQyz4dBG; Wed, 30 Dec 2020 05:07:53 +0000 (UTC) (envelope-from bsd-lists@bsdforge.com) Received: from ultimatedns.net (localhost [127.0.0.1]) by udns.ultimatedns.net (8.16.1/8.16.1) with ESMTP id 0BU58Rgb099796; Tue, 29 Dec 2020 21:08:33 -0800 (PST) (envelope-from bsd-lists@bsdforge.com) MIME-Version: 1.0 Date: Tue, 29 Dec 2020 21:08:27 -0800 From: Chris To: Brooks Davis , Thomas Mueller , freebsd-current@freebsd.org Subject: Re: HEADS UP: FreeBSD src repo transitioning to git this weekend In-Reply-To: <274d765e4a841b5d52239d2dae58175e@bsdforge.com> References: <5fdc0b90.1c69fb81.866eb.8c29SMTPIN_ADDED_MISSING@mx.google.com> <20201218175241.GA72552@spindle.one-eyed-alien.net> <20201218182820.1P0tK%steffen@sdaoden.eu> <20201223023242.GG31099@funkthat.com> <20201223162417.v7Ce6%steffen@sdaoden.eu> <20201229011939.GU31099@funkthat.com> <20201229210454.Lh4y_%steffen@sdaoden.eu> <20201230004620.GB31099@funkthat.com> <274d765e4a841b5d52239d2dae58175e@bsdforge.com> User-Agent: UDNSMS/17.0 Message-ID: <763bf958855f8eb181dfa5d40568a008@bsdforge.com> X-Sender: bsd-lists@bsdforge.com Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4D5K6f0FQyz4dBG X-Spamd-Bar: / X-Spamd-Result: default: False [0.00 / 15.00]; ASN(0.00)[asn:11404, ipnet:24.113.0.0/16, country:US]; local_wl_ip(0.00)[24.113.41.81] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Dec 2020 05:07:54 -0000 On 2020-12-29 20:59, Chris wrote: > On 2020-12-29 16:46, John-Mark Gurney wrote: >> Steffen Nurpmeso wrote this message on Tue, Dec 29, 2020 at 22:04 +0100: >>> |SolarWinds supply chain attack, being able to smuggle a modified file >>> |into a git repo, say an OS's build server, such that the tools don't >>> |know the tree is modified is a real problem... >>> >>> SHA-256 arrives, if you look at the git history. Until then >>> signing a git tag even with SHA-1 is better than being unsealed. >> >> Actually, no it is not. It provides a false sense a security. SHA-1 >> should only be used as a checksum (detecting non-malicous corruption) >> now. >> >> There's a reason I stopped signing (and even removed the historical >> signatures) of the magnet links that I produce for FreeBSD. >> >> This is also why I expanded the snapaid tool to support releases, to >> make it extermely easy to verify signatures: >> https://www.funkthat.com/gitea/jmg/snapaid >> >>> This attack, well, interesting that FreeBSD with so many >>> developers with ssh push hasn't been soiled more often. I am >> >> And that is why it isn't a major problem yet, in that there are >> additional layers of security, both ssh and https that help >> ensure integrity of the repo in transit... >> >>> cautious regarding such, there is a tremendous amount of >>> propaganda against Russia and China going on .. and then who >>> tapped the cables, who has the budget, hmm. I have read one US >>> national security alert report once, and all i could see was >> >> I am well aware of this, and infact, the reason I've been pushing >> for better security like this IS because of the actions of the NSA... >> I used to get lunch on a weekly basis across the street from one >> of the early revealed NSA wiretap rooms. > OK I've been pondering this since last night. If this is a reasonable > concern, and given all that's already gone into coercing git into > something FreeBSD friendly. Is it reasonable to consider putting all > that effort that's already been excreted, and what would need to be > done. To cobble up a FreeBSD version? [tongue-in-cheek] > fuk-git -- FreeBSDUsersCare-git. Sorry. It's a strain. But I needed face-palm; that was: fuc-git. A failed attempt at wit. :-( the rest holds true. > that acronym. > Seriously tho. It wouldn't be that hard to provide sha384(1) at a minimum. > Better; hmac-sha384, or any of a number of other digests. I'm just > thinking that if everyone pitched in, what with all the other work > that's already been done. It'd all get done on a timeline that wouldn't > leave the FreeBSD repo unsafe. > Mind you; much of this is all conceptual. But I just thought (hoped) it > might be worth while. > > --Chris > _______________________________________________ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"