Date: Fri, 2 Jan 2009 20:04:10 +0100 (CET)
From: Wojciech Puchar
To: cpghost
Cc: freebsd-questions@freebsd.org, Matt
Subject: Re: Foiling MITM attacks on source and ports trees
In-Reply-To: <20090102180524.GA1742@phenom.cordula.ws>
Message-ID: <20090102200221.K39573@wojtek.tensor.gdynia.pl>
References: <20090102164412.GA1258@phenom.cordula.ws> <20090102180524.GA1742@phenom.cordula.ws>

> It's a beginning for sure. I assume (403 error) Max generates and
> saves digests on his snapshots and the verification script does the
> same locally and simply compares both lists.
>

It's plain paranoia.
Yes, such attacks are possible, but usually there are 100 other ways to compromise your systems. If one really cares, then make your VPN for all your computers, use one that is unknown to others to download portsnap etc., and then use rsync to populate it to other machines.