Date:      Sat, 21 Jun 2003 22:59:00 -0700
From:      David Schultz <das@FreeBSD.org>
To:        Colin Percival <colin.percival@wadham.ox.ac.uk>
Cc:        chat@FreeBSD.org
Subject:   Re: Cryptographically enabled ports tree.
Message-ID:  <20030622055900.GA60949@HAL9000.homeunix.com>
In-Reply-To: <5.0.2.1.1.20030622044124.02cc0948@popserver.sfu.ca>
References:  <5.0.2.1.1.20030622022111.02c1cdf8@popserver.sfu.ca> <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> <20030621163835.GA18653@tulip.epweb.co.za> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca> <5.0.2.1.1.20030622022111.02c1cdf8@popserver.sfu.ca> <5.0.2.1.1.20030622044124.02cc0948@popserver.sfu.ca>

On Sun, Jun 22, 2003, Colin Percival wrote:
> >Granted, anyone who wanted to offer a (less secure) daily port
> >tree signing service or something, they could easily do so with
> >access to cvsup-master.
> 
>   True, but that wouldn't be transparent.  People would have to tell cvsup 
> to fetch a particular snapshot of the ports tree, to match the most recent 
> signature; much better if they can cvsup as per normal, get the latest 
> versions of everything, and have the signature come along automatically.

Then you have a problem, because you're asking for things to be
signed without them being trusted in the first place.  Nobody is
going to vouch for and cryptographically sign every commit.
The FreeBSD Project doesn't even make any guarantees about the
security of what's out there in the ports collection already.

If you just want to know that the bits you have came from
freebsd.org, that's another thing.  The technology to do that
already exists in cvsup, as long as you trust the mirrors.  (Most
of them probably don't use authentication right now, but that can
be fixed, I'm sure, if enough people are concerned about it.)
If your whole point is that you don't trust the mirrors, then maybe
you have a case for signing deltas on the master...

