Date: Tue, 10 Nov 2009 10:54:04 -0800 From: Xin LI <delphij@delphij.net> To: Eitan Adler <eitanadlerlist@gmail.com> Cc: ports@freebsd.org Subject: Re: RFC: svn for make fetch Message-ID: <4AF9B6CC.5090308@delphij.net> In-Reply-To: <a0777e080911092251r3dd39303q4f309aaf4076daf@mail.gmail.com> References: <a0777e080911080731w461e6733peb0a5473acf07aa8@mail.gmail.com> <4AF897A4.3070408@delphij.net> <20091109225232.GA34294@lor.one-eyed-alien.net> <a0777e080911092251r3dd39303q4f309aaf4076daf@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eitan Adler wrote: > Correct me if I'm wrong but I thought that svn did its own checksumming. > If so why do we need to our own? "In God we trust, everyone else must have an X.509 certificate." Well, that's not necessarily be a X.509 certificate but it must be some form of signature, as it's not too hard to replace a specific revision in svn if the server gets compromised. Cheers, - -- Xin LI <delphij@delphij.net> http://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.13 (FreeBSD) iEYEARECAAYFAkr5tssACgkQi+vbBBjt66BdpACdH5+RSlwKN10x8MiGFYiuX0dL L94An1N1uYCFUYJo0f0U2jZgqRK7emo1 =jFoS -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4AF9B6CC.5090308>