Date: Sat, 21 Jun 2003 19:54:14 +0200 From: William Fletcher <ultraviolet@epweb.co.za> To: chat@freebsd.org Subject: Re: Cryptographically enabled ports tree. Message-ID: <20030621175414.GC18653@tulip.epweb.co.za> In-Reply-To: <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> References: <20030621163835.GA18653@tulip.epweb.co.za> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
--/Uq4LBwYP4y1W6pO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > At 18:38 21/06/2003 +0200, William Fletcher wrote: > >What I'm wondering about, is when FreeBSD is going to get > >get a cryptographically signed ports tree system setup. > > > >It isn't a must, I was just wondering other peoples opinions about this. >=20 > I've been thinking about this for a while; unfortunately I have neither= =20 > the time to implement this right now, nor enough familiarity with CVS to= =20 > make it work automagically. > If nothing happens before September, I'll probably corner some people a= t=20 > BSDCon to talk about this. >=20 > Colin Percival One other thing while I'm at making a clown of myself. Wouldn't it be an absolute joke if someone rooted a redhat box on your network, dns poisoned for cvsup.*.freebsd.org and promptly=20 found a way to create a cvsup-mirror on another machine with modified source.=20 They could then trojan /usr/src and /usr/ports and probably gain root on all your machines running FreeBSD, quick and easy.=20 Just wanted the general publics opinion of that too. Anyway, home time, expect interesting responses on monday morning. (Will sign up to security-general again). PS. Some people work for companies which inflict redhat on them. :/ =20 --=20 William Fletcher (ultraviolet) Powered by http://www.FreeBSD.org/ IT Administrator, EPWeb networks. =20 http://www.epweb.co.za/ =20 Tel: +27 (041) 395 6800 =20 Fax: +27 (041) 395 6818=09 Support: support@epweb.co.za --/Uq4LBwYP4y1W6pO Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+9JvGju3fq0dMPxsRAkSoAJsFLZtne1SkaOoF6cEVQVe+uE9M0gCfQRTb 9GFZt5MBDpjFwikWTks9+Ic= =NLzk -----END PGP SIGNATURE----- --/Uq4LBwYP4y1W6pO--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030621175414.GC18653>