From owner-freebsd-current@freebsd.org Thu Dec 31 22:15:38 2020 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A86D04D19F5 for ; Thu, 31 Dec 2020 22:15:38 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-wr1-x431.google.com (mail-wr1-x431.google.com [IPv6:2a00:1450:4864:20::431]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6Mt14flkz3w5Y for ; Thu, 31 Dec 2020 22:15:37 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: by mail-wr1-x431.google.com with SMTP id d26so20957884wrb.12 for ; Thu, 31 Dec 2020 14:15:37 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:subject:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=XQk0lOjIj1enK/EahccP7ECV36ZghI+8znKIqyfl9k4=; b=MQRhxYoLtfBX26EXSeOKQHEoHk9J4qZztjX/rqFXwCKuQw6X5Q4AW8HLebhnXKy5qd 7czAKxHcLRNpLyZv9rCe2wXm9q2SDo/cV3zgZYiD3w7hI4ovnpDn/uHPaVoQM0ysEIUk 5aMxqvW6TgZQbtcdlhsSvbGcTIECAIt4GA6Emmn4o4UuBBWAaWbx0bxqH+BgLkfwoffH o6SSJuKWQcxzaTgNoIoRutg5dHvZOSe0Z83txXZ5ySLWITWD4vkNKBXSfNGDMnpVn50b aRBdH2kZSJ3pGqoFX+8Tq2/a/KFkEytWnXltWu5sgh5Qg4YfXxaSjaPYYmpeAw7Y6qW6 4dAQ== X-Gm-Message-State: AOAM530APwMQpw4aVTOa3/x0epjQLRRMRvzR77qySwlmErODzUnOjdf0 P43QoIakuxLqYc0PNaah21fIlM9+hPX9Cw== X-Google-Smtp-Source: ABdhPJwC2NnHvZqN1SGaMlZQ7g4kcNbWttKkHca7JIKyqhXjmrmlER9v1p7bbt/5sg9dBANUuCL19Q== X-Received: by 2002:a5d:4f10:: with SMTP id c16mr65006960wru.398.1609452935450; Thu, 31 Dec 2020 14:15:35 -0800 (PST) Received: from gumby.homeunix.com ([2.220.21.184]) by smtp.gmail.com with ESMTPSA id o74sm16305405wme.36.2020.12.31.14.15.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 31 Dec 2020 14:15:34 -0800 (PST) Date: Thu, 31 Dec 2020 22:15:30 +0000 From: RW To: freebsd-current@freebsd.org Subject: Re: HEADS UP: FreeBSD src repo transitioning to git this weekend Message-ID: <20201231221530.4f709bb6@gumby.homeunix.com> In-Reply-To: <20201231193908.GC31099@funkthat.com> References: <5fdc0b90.1c69fb81.866eb.8c29SMTPIN_ADDED_MISSING@mx.google.com> <20201218175241.GA72552@spindle.one-eyed-alien.net> <20201218182820.1P0tK%steffen@sdaoden.eu> <20201223023242.GG31099@funkthat.com> <20201223162417.v7Ce6%steffen@sdaoden.eu> <20201229011939.GU31099@funkthat.com> <20201229210454.Lh4y_%steffen@sdaoden.eu> <20201230004620.GB31099@funkthat.com> <20201231193908.GC31099@funkthat.com> X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.32; amd64-portbld-freebsd12.1) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4D6Mt14flkz3w5Y X-Spamd-Bar: - X-Spamd-Result: default: False [-1.90 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_FROM(0.00)[googlemail.com]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[googlemail.com:+]; DMARC_POLICY_ALLOW(-0.50)[googlemail.com,quarantine]; NEURAL_HAM_SHORT(-0.90)[-0.903]; RECEIVED_SPAMHAUS_PBL(0.00)[2.220.21.184:received]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[googlemail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RBL_DBL_DONT_QUERY_IPS(0.00)[2a00:1450:4864:20::431:from]; DWL_DNSWL_NONE(0.00)[googlemail.com:dkim]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[googlemail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[2a00:1450:4864:20::431:from:127.0.2.255]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::431:from]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-current] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Dec 2020 22:15:38 -0000 On Thu, 31 Dec 2020 11:39:08 -0800 John-Mark Gurney wrote: > grarpamp wrote this message on Wed, Dec 30, 2020 at 00:55 -0500: > > > signatures of the magnet links > > > > Signing torrent.asc, with stronger or even same hash as BT > > protocol, still serve purpose of authenticate torrent file back > > to a signer to the degree therein, caveat their platform security, > > caveat sha-1 inside torrent still being abuseable by third party, > > caveat etc > One of the large parts of security is that not everyone knows the > in's and out's of security, so people who don't know, will have heard > that SHA-1 is a cryptographic hash, and assume that something is > secure when using it. Is there any reason to think it's insecure? Even if a collision attack can be make to work against bittorrent, the attacker would need to have control over the contents of the legitimate torrent as well as the bogus one. It wouldn't be "abuseable by third party".