From owner-freebsd-chat@FreeBSD.ORG Sat Jun 21 20:36:36 2003
Date: Sat, 21 Jun 2003 20:36:25 -0700
From: David Schultz
To: Colin Percival
Cc: chat@FreeBSD.org
Message-ID: <20030622033625.GA60460@HAL9000.homeunix.com>
In-Reply-To: <5.0.2.1.1.20030622022111.02c1cdf8@popserver.sfu.ca>
Subject: Re: Cryptographically enabled ports tree.
On Sun, Jun 22, 2003, Colin Percival wrote:
> At 18:18 21/06/2003 -0700, David Schultz wrote:
> >We already have MD5 checksums of each port, so all it takes is to
> >have so@ sign a MAC for the entire ports tree.
>
> Yes, I'm sure the security officers would be delighted to login and
> enter a PGP passphrase every time someone commits something to the ports
> tree. ;)
>
> > Now doing
> >something more sophisticated and seamless would be a little bit
> >more effort...
>
> What we need is something integrated into the CVS system which rebuilds
> the necessary signatures every time the ports tree is modified, and commits
> those into the CVS tree. Any CVS experts around who could say how to do
> this?

You don't even have to do that. The tree just needs to be signed once
for every release. Signing it more often requires that the key be
online, which is not a good idea from a security point of view. That's
why DNSSEC and other protocols that have a signature-based
infrastructure allow for offline signing. I don't see why people need
to update their ports tree more often than once a release.

Granted, anyone who wanted to offer a (less secure) daily port tree
signing service or something could easily do so with access to
cvsup-master. (It used to be you could talk to jdp@ for this; I'm not
sure who is responsible now.) Actually, I'm not sure whether cvsup's
authentication is one-way or two-way, though.
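The "sign one value for the whole tree" idea from the thread, as an added example that is not part of the original message or of any FreeBSD tooling: per-port checksums (distinfo-style) are rolled into a canonical manifest, and the manifest's digest is the single value an offline release key would sign. The ports tree, file names and contents are constructed; the PGP check on the signed digest is assumed to happen before `verify_tree` is called.

```python
"""Constructed example: one offline signature covering every port via a checksum manifest."""
import hashlib

# Constructed stand-in for a ports tree: port directory -> {distfile name: bytes}.
PORTS_TREE = {
    "security/openssl": {"openssl-0.9.7b.tar.gz": b"openssl tarball bytes"},
    "editors/vim": {"vim-6.2.tar.bz2": b"vim tarball bytes"},
    "www/apache13": {"apache_1.3.27.tar.gz": b"apache tarball bytes"},
}


def port_checksums(files):
    """Per-port checksums, like a port's distinfo (MD5 in 2003; SHA-256 here)."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in sorted(files.items())}


def build_manifest(tree):
    """Canonical text listing every port's checksums. Sorting matters: the signature
    covers bytes, so two orderings of the same tree would look like different trees."""
    lines = []
    for port in sorted(tree):
        for name, digest in port_checksums(tree[port]).items():
            lines.append(f"SHA256 ({port}/{name}) = {digest}")
    return "\n".join(lines) + "\n"


def tree_digest(manifest):
    """The single value the security officer signs once per release, offline."""
    return hashlib.sha256(manifest.encode()).hexdigest()


def parse_manifest(manifest):
    """Inverse of build_manifest: 'SHA256 (path) = hex' lines -> {path: hex}."""
    expected = {}
    for line in manifest.splitlines():
        key, _, digest = line.partition(" = ")
        expected[key[len("SHA256 ("):-1]] = digest
    return expected


def verify_tree(tree, manifest, signed_digest):
    """Check a fetched tree against the release manifest and its signed digest.
    Returns (ok, problems); problems names modified, added or missing distfiles."""
    if tree_digest(manifest) != signed_digest:
        return False, ["manifest digest mismatch"]  # manifest itself was altered
    expected, seen, bad = parse_manifest(manifest), set(), []
    for port, files in sorted(tree.items()):
        for name, digest in port_checksums(files).items():
            path = f"{port}/{name}"
            seen.add(path)
            if expected.get(path) != digest:
                bad.append(path)  # changed content or a file the release never listed
    bad.extend(sorted(set(expected) - seen))  # files the release listed but tree lacks
    return not bad, bad
```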