Date: Sat, 21 Jun 2003 22:59:00 -0700
From: David Schultz
To: Colin Percival
cc: chat@FreeBSD.org
Message-ID: <20030622055900.GA60949@HAL9000.homeunix.com>
Subject: Re: Cryptographically enabled ports tree.

On Sun, Jun 22, 2003, Colin Percival wrote:
> >Granted, anyone who wanted to offer a (less secure) daily port
> >tree signing service or something, they could easily do so with
> >access to cvsup-master.
>
> True, but that wouldn't be transparent. People would have to tell cvsup
> to fetch a particular snapshot of the ports tree, to match the most recent
> signature; much better if they can cvsup as per normal, get the latest
> versions of everything, and have the signature come along automatically.

Then you have a problem, because you're asking for things to be
signed without them being trusted in the first place. Nobody is
going to vouch for and cryptographically sign every commit. The
FreeBSD Project doesn't even make any guarantees about the
security of what's out there in the ports collection already.

If you just want to know that the bits you have came from
freebsd.org, that's another thing. The technology to do that
already exists in cvsup, as long as you trust the mirrors. (Most
of them probably don't use authentication right now, but that can
be fixed, I'm sure, if enough people are concerned about it.) If
your whole point is that you don't trust the mirrors, then maybe
you have a case for signing deltas on the master...