Date: Tue, 12 Dec 2017 18:22:19 +0100 From: Jan Bramkamp <crest@rlwinm.de> To: freebsd-security@freebsd.org Subject: Re: http subversion URLs should be discontinued in favor of https URLs Message-ID: <f019de34-e53e-836d-641b-01c02017415d@rlwinm.de> In-Reply-To: <26440.1513088888@critter.freebsd.dk> References: <20171205231845.5028d01d@gumby.homeunix.com> <CADWvR2gVn8H5h6LYB5ddwUHYwDtiLCuYndsXhJywi7Q9vNsYvw@mail.gmail.com> <20171210173222.GF5901@funkthat.com> <CADWvR2iGQOtcU=FnU-fNsso2eLCCQn=swnOLoqws%2B33V8VzX1Q@mail.gmail.com> <5c810101-9092-7665-d623-275c15d4612b@rawbw.com> <CADWvR2j_LLEPKnSynRRmP4LG3mypdkNitwg%2B7vSh=iuJ=JU09Q@mail.gmail.com> <fd888f6b-bf16-f029-06d3-9a9b754dc676@rawbw.com> <CADWvR2jnxVwXmTA9XpZhGYnCAhFVifqqx2MvYeSeHmYEybaNnA@mail.gmail.com> <19bd6d57-4fa6-24d4-6262-37e1487d7ed6@rawbw.com> <5A2DB80D.3020309@sorbs.net> <20171210225326.GK5901@funkthat.com> <99305.1512947694@critter.freebsd.dk> <86d13kgnfh.fsf@desk.des.no> <79567.1513083576@critter.freebsd.dk> <c27552cf-45d8-7686-c60d-256537780edc@denninger.net> <26440.1513088888@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12.12.17 15:28, Poul-Henning Kamp wrote: > For the FreeBSD SVN tree, this could almost be as simple as posting > an email, maybe once a week, with the exact revision checked out > and the PGP signed output of: > > svn co ... && find ... -print | sort | xargs cat | sha256 > > Such an archive would also be invaluable for reauthenticating in > case, somebody ever manages to do something evil to our repo. > >> Solve the problem at the correct location -- either fix svn to sign and >> verify updates or dump it for something that can and use that existing >> mechanism (e.g. git) > > As I mentioned humoursly to you in private email, I don't think > this particular problem will reach consensus any sooner if you > also tangling it in the SVN vs GIT political issue. How about an uncompressed tarball signed with signify? It could be replicated with rsync (or zsync) and getting security patches wouldn't require lots of network bandwidth. I still prefer to encrypt every transfer with PFS only protocols, but even with transport encryption in place content authentication is still valuable because it allows the use of caching proxies.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f019de34-e53e-836d-641b-01c02017415d>