From owner-freebsd-security@freebsd.org Fri Sep 18 13:47:01 2015 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DBD4D9CFC83; Fri, 18 Sep 2015 13:47:01 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id C8D6B1CDD; Fri, 18 Sep 2015 13:47:01 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from FreeBSD.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by freefall.freebsd.org (Postfix) with ESMTP id 31A9A1726; Fri, 18 Sep 2015 13:47:01 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Date: Fri, 18 Sep 2015 13:46:59 +0000 From: Glen Barber To: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= Cc: grarpamp , freebsd-security@freebsd.org, freebsd-questions@freebsd.org Subject: Re: HTTPS on freebsd.org, git, reproducible builds Message-ID: <20150918134659.GB28949@FreeBSD.org> References: <86vbb7dhaa.fsf@nine.des.no> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="wq9mPyueHGvFACwf" Content-Disposition: inline In-Reply-To: <86vbb7dhaa.fsf@nine.des.no> X-Operating-System: FreeBSD 11.0-CURRENT amd64 X-SCUD-Definition: Sudden Completely Unexpected Dataloss X-SULE-Definition: Sudden Unexpected Learning Event X-PEKBAC-Definition: Problem Exists, Keyboard Between Admin/Computer User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Sep 2015 13:47:02 -0000 --wq9mPyueHGvFACwf Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Sep 18, 2015 at 02:49:01PM +0200, Dag-Erling Sm=F8rgrav wrote: > > These days these flaws are more than a bit ridiculous, >=20 > You seem to be implying that everybody else is doing it except us. This > is not true. Debian and Fedora are or have been working on it but with > no success to date. >=20 In fact, Debian has been kind enough to even provide a page that shows which parts of the FreeBSD build are non-reproducible. https://reproducible.debian.net/freebsd/freebsd.html Glen --wq9mPyueHGvFACwf Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJV/BXTAAoJEAMUWKVHj+KTtPMP/3HdUb/99vq3SVyMOSTsnmPv q70lCIjEC6xmTIazzl1Dh9pLn0nYwfvrHWDDS2ph3saAUZhPJKM7B1NH9fX+oe9S qPX/UlhddZKEf0UKCpk+Cl6xznpPp+3zd560y2VIO0WIEpwb0Ly3bDQ4YkqyZeKN wwTEN1QRX6/Gqa5apXdDhLb3iNCDykegIs8lyjTTtnEOHCr3hQjvC/Otgzoi2KVt EGmNIUo4J0C4zG4HRpLNjVhULpk2u6sUpCVECo1Ybs/a9KvFyf3+f0ifhfs7ANmd ncJWzPdhehYM8M6LEOmo+hDPio5zrvbYqpr1Uifkp3z8l2ytDugCedGaX2wF9Z77 nyBbYVeZ/FjtI2yYzWRdR/zN+pCmHkMGt7o6LMumRSA70K3H2g+bxYJDbE9TKKZ2 bVU103fxDy1sclHvfKwvKQrj4MnBHJYPLOse531M+AFYlIbfdD8RM6886T+hdo8i rEaCORJAQYyrQoFOQYSeC1JETiZT3Oy1/aETGa9gVhozp3bX7R2NIEMop/sViILZ Q+PSC5f0zpW8zzv+/3lKrwKMhRB5jTaX98NLYrzzCEv9BQFe/pmvRBvZY9fNwI/d sBObv4TTvf1D3LyqhARBBA/plqMDykdTZXDWzUYa6y/ETT32Rq7KqLL65EQ7xSQ5 2jvqDyhaVmGP+X/brZOk =ir38 -----END PGP SIGNATURE----- --wq9mPyueHGvFACwf--