Date:      Sat, 11 Oct 2014 15:34:19 +0200
From:      Michelle Sullivan <michelle@sorbs.net>
To:        scratch65535@att.net
Cc:        freebsd-ports <freebsd-ports@freebsd.org>
Subject:   Re: PKG not quite ready for prime time
Message-ID:  <543931DB.7070205@sorbs.net>
In-Reply-To: <e79i3ale313b5iqvuql3ns08m86hmtonoa@4ax.com>
References:  <sl4g3adpms8lkd2rr38n3666et8eptsp9i@4ax.com> <543817AA.8080305@gmx.de> <he6g3apojoln19fd9d8gr2rs0koq3a6940@4ax.com> <54381E16.9070609@FreeBSD.org> <1a8g3athvnun67c4kljhjtsjjlc30116j1@4ax.com> <543837CF.9070607@FreeBSD.org> <e79i3ale313b5iqvuql3ns08m86hmtonoa@4ax.com>

scratch65535@att.net wrote:
> On Fri, 10 Oct 2014 14:47:27 -0500, you wrote:
>
>   
>> On 10/10/2014 1:12 PM, scratch65535@att.net wrote:
>>     
>>> On Fri, 10 Oct 2014 12:57:42 -0500, Brian Drewery wrote:
>>>
>>>       
>>>> find /usr/share/keys/pkg -exec sha256 {} +
>>>>         
>>> No such file
>>>       
>> That's your problem. You are missing the signature fingerprints to
>> compare against. As such Pkg is refusing to do anything to prevent MITM
>> attacks.
>>
>> You are missing this:
>> https://www.freebsd.org/security/advisories/FreeBSD-EN-14:03.pkg.asc
>>
>> freebsd-update can provide it.
>>     
>
> Thank you for the pointer.  
>
> What puzzles me is why the problem wasn't fixed for o/s versions
> prior to 10.0 since it was being made mandatory for those
> versions.   That doesn't seem like good practice.
>   
We have a winner! <3\

-- 
Michelle Sullivan
http://www.mhix.org/
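
The check the quoted exchange turns on, as an added example that is not part of the original message or of pkg itself: a POSIX shell function that reports whether a fingerprint directory such as /usr/share/keys/pkg holds at least one usable trusted fingerprint. The trusted/ and revoked/ subdirectories and the two-line file format are assumptions about the FreeBSD key directory layout, not something stated in the thread.

```shell
#!/bin/sh
# Added example: audit a pkg fingerprint directory.
# Assumed layout (not stated in the thread): DIR/trusted/* and DIR/revoked/*,
# each file holding   function: "sha256"   and   fingerprint: "<64 hex chars>".

# Print the lower-cased fingerprint stored in one file; fail if it is malformed.
read_fingerprint() {
    grep -q '^function:[[:space:]]*"sha256"' "$1" || return 1
    fp=$(sed -n 's/^fingerprint:[[:space:]]*"\([0-9a-fA-F]\{64\}\)"[[:space:]]*$/\1/p' "$1" |
        tr 'A-F' 'a-f' | head -n 1)
    [ -n "$fp" ] && printf '%s\n' "$fp"
}

# Exit status: 0 = at least one trusted, non-revoked fingerprint
#              1 = directory or trusted fingerprints missing ("No such file")
#              2 = a trusted file is malformed
#              3 = every trusted fingerprint is also listed as revoked
check_pkg_fingerprints() {
    dir=${1:-/usr/share/keys/pkg}
    if [ ! -d "$dir/trusted" ]; then
        echo "no trusted fingerprints under $dir" >&2; return 1
    fi
    seen=0; usable=0
    for f in "$dir"/trusted/*; do
        [ -f "$f" ] || continue
        seen=1
        fp=$(read_fingerprint "$f") || { echo "malformed: $f" >&2; return 2; }
        revoked=0
        for r in "$dir"/revoked/*; do
            [ -f "$r" ] || continue
            if [ "$(read_fingerprint "$r")" = "$fp" ]; then revoked=1; fi
        done
        if [ "$revoked" -eq 0 ]; then
            usable=1; echo "trusted: $fp ($f)"
        else
            echo "revoked: $fp ($f)"
        fi
    done
    [ "$seen" -eq 1 ] || { echo "no trusted fingerprints under $dir" >&2; return 1; }
    [ "$usable" -eq 1 ] || { echo "every trusted fingerprint is revoked" >&2; return 3; }
    return 0
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then check_pkg_fingerprints "$1"; fi
```

A status of 1 corresponds to the "No such file" situation quoted above; the fingerprints printed on success still have to be compared against a copy obtained through a channel you already trust.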



