From owner-freebsd-chat@FreeBSD.ORG  Sat Jun 21 11:38:44 2003
Return-Path: <owner-freebsd-chat@FreeBSD.ORG>
Delivered-To: freebsd-chat@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 91EFA37B401
	for <chat@freebsd.org>; Sat, 21 Jun 2003 11:38:44 -0700 (PDT)
Received: from mta05-svc.ntlworld.com (mta05-svc.ntlworld.com [62.253.162.45])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 735E343F75
	for <chat@freebsd.org>; Sat, 21 Jun 2003 11:38:43 -0700 (PDT)
	(envelope-from colin.percival@wadham.ox.ac.uk)
Received: from piii600.wadham.ox.ac.uk ([81.103.196.4])
	by mta05-svc.ntlworld.comESMTP
	<20030621183841.DITR28183.mta05-svc.ntlworld.com@piii600.wadham.ox.ac.uk>;
	Sat, 21 Jun 2003 19:38:41 +0100
Message-Id: <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca>
X-Sender: cperciva@popserver.sfu.ca
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Sat, 21 Jun 2003 19:38:38 +0100
To: ultraviolet@epweb.co.za, chat@freebsd.org
From: Colin Percival <colin.percival@wadham.ox.ac.uk>
In-Reply-To: <20030621175414.GC18653@tulip.epweb.co.za>
References: <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca>
 <20030621163835.GA18653@tulip.epweb.co.za>
 <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Subject: Re: Cryptographically enabled ports tree.
X-BeenThere: freebsd-chat@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Non technical items related to the community
	<freebsd-chat.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chat>,
	<mailto:freebsd-chat-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-chat>
List-Post: <mailto:freebsd-chat@freebsd.org>
List-Help: <mailto:freebsd-chat-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chat>,
	<mailto:freebsd-chat-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Jun 2003 18:38:44 -0000

At 19:54 21/06/2003 +0200, William Fletcher wrote:
>One other thing while I'm at making a clown of myself.
>
>Wouldn't it be an absolute joke if someone rooted a redhat box on
>your network, dns poisoned for cvsup.*.freebsd.org and promptly
>found a way to create a cvsup-mirror on another machine
>with modified source.

   I'm not sure I'd use the word "joke"... yes, that would definitely be a 
problem.
   Another security problem is FTP installs; sysinstall doesn't have any 
sort of signature verification built in, so anyone doing an FTP install 
could find themselves installing trojans.  The only secure distribution, 
AFAIK, is the ISO image, because the MD5 sum of that is announced in a 
(signed) release announcement.

Colin Percival