From: Igor Mozolevsky
Date: Fri, 4 Oct 2019 18:22:15 +0100
Subject: Re: Git/Mtn for FreeBSD, PGP WoT Sigs,
 Merkel Hash Tree Based
To: grarpamp
Cc: freebsd security, Hackers freeBSD, freebsd-questions@freebsd.org

On Fri, 20 Sep 2019 at 22:01, grarpamp wrote:
>
> For consideration...
>
> SVN really may not offer much in the way of native
> internal self authenticating repo to cryptographic levels
> of security against bitrot, transit corruption and repo ops,
> external physical editing, have much signing options, etc.
> Similar to blockchain and ZFS hash merkle-ization,
> signing the repo init and later points tags commits,
> along with full verification toolset, is useful function.

Isn't UNIX(TM) philosophy that a program should do one thing and do it
well? Just because people can't be bothered to learn to use multiple
tools to do *multiple* tasks on the same dataset, is not a reason, let
alone "the reason," to increase any program complexity to orders of
N^M^K^L so that one "foo checkout" does all the things one wants!

Incidentally, how does that saying go, if you think "crypto" is the
solution to your problem, then ... (I'm slightly paraphrasing, of
course). When crypto invalidates a repo, how would it be different
from seeing non-ASCII characters in plain ASCII files, or sudden
refusal to compile---one way or another you'd still need to restore
from BACKUP, hence crypto IS NOT a substitute for good data keeping
practices.

Also, what empirical data do you have for repo bitrot/transit
corruption that is NOT caught by underlying media?

--
Igor M.