From owner-freebsd-security@FreeBSD.ORG Tue Nov 29 15:36:56 2005
From: "aristeu"
To: freebsd-security@freebsd.org
Message-ID: <002601c5f4fa$b5115320$e403000a@rickderringer>
References: <20051129120151.5A2FB16A420@hub.freebsd.org>
Date: Tue, 29 Nov 2005 13:36:31 -0200
Subject: Re: Reflections on Trusting Trust

I'm new here, and I've posted only once. I just want to add my "just another user" opinion on this...
Signing security advisories that send the hashes for a file does a nice job. I think the only problem that exists is the package/ports deployment. I believe we can't trust only hashes for this (tar already does a fine job on integrity...), because it can be easily circumvented. Maybe trusting this is the real weakest link...

One thing that could do a good job is to install gnupg by default and pre-install some important PGP public keys on ISO releases, in root's profile... These pre-installed keys can be used by users, ports or pkg_tools while installing or updating packages/ports. Who will sign is another problem, but I think it will improve things a bit anyway, minimising MITM attacks.

My mom used to say "always prefer the pre-installed pub keys...".

[]'s
aristeu