From owner-freebsd-questions@FreeBSD.ORG  Fri Jan  2 21:53:41 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 865651065674
	for <freebsd-questions@freebsd.org>;
	Fri,  2 Jan 2009 21:53:41 +0000 (UTC)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Received: from wojtek.tensor.gdynia.pl (wojtek.tensor.gdynia.pl
	[IPv6:2001:4070:101:2::1])
	by mx1.freebsd.org (Postfix) with ESMTP id C51248FC18
	for <freebsd-questions@freebsd.org>;
	Fri,  2 Jan 2009 21:53:40 +0000 (UTC)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Received: from wojtek.tensor.gdynia.pl (localhost [IPv6:::1])
	by wojtek.tensor.gdynia.pl (8.14.3/8.14.3) with ESMTP id n02LrUId039960;
	Fri, 2 Jan 2009 22:53:30 +0100 (CET)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Received: from localhost (wojtek@localhost)
	by wojtek.tensor.gdynia.pl (8.14.3/8.14.3/Submit) with ESMTP id
	n02LrTLo039957; Fri, 2 Jan 2009 22:53:30 +0100 (CET)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Date: Fri, 2 Jan 2009 22:53:29 +0100 (CET)
From: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>
To: cpghost <cpghost@cordula.ws>
In-Reply-To: <20090102193002.GA72103@phenom.cordula.ws>
Message-ID: <20090102225246.C39956@wojtek.tensor.gdynia.pl>
References: <20090102164412.GA1258@phenom.cordula.ws>
	<cd6b4a5b0901020926t11dc7817j74e44cf61980f262@mail.gmail.com>
	<20090102180524.GA1742@phenom.cordula.ws>
	<20090102200221.K39573@wojtek.tensor.gdynia.pl>
	<20090102193002.GA72103@phenom.cordula.ws>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-questions@freebsd.org
Subject: Re: Foiling MITM attacks on source and ports trees
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jan 2009 21:53:41 -0000

>> other ways to compromise Your systems.
>>
>> if one really care then make your VPN for all your computers, use one that
>> is unknown for others to download portsnap etc. and then use rsync to
>> populate it to other machines.
>
> I'm already getting the files from one location and disseminate
> them via rsync-over-SSH-over-VPNs to the server farms. But the
> problem is the initial download from a cvsup mirror. That's the
> one I'm really concerned with.

just use widely-"unknown" computer like your private, even better - 
something that have dynamic IP :)