Date: Sat, 25 Aug 2007 23:25:23 +0200 From: "Martin Laabs" <martin.laabs@mailbox.tu-dresden.de> To: freebsd-questions@freebsd.org Subject: secure /usr/src update Message-ID: <op.txmwgla6724k7f@martin>
next in thread | raw e-mail | index | archive | help
Hello, as far as I know neither CVSup, CTM nor (anonymous) CVS support any kind of (cryptographic) signing or encryption. Now I'd like to know if it is possible to obtain or update the base system in a secure and reliable way at all. For the ports collection there is portsnap which seems for me - in respect to the security issue - well concepted. Also, if I buy a (pressed) DVD I (hopefully) can trust the integrity of the system I install. (And with this DVD I'll receive the keyprint of portsnap on a - hopefull sufficient - secure way.) Solely the update of the /usr/src branch seems to be easily attackable by some standard stream inserting or very simple man in the middle attacks. Do you have any suggestions? Thank you, Martin Laabs
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.txmwgla6724k7f>