From: Glen Barber
To: Colin Percival
Cc: Bryan Drewery, Yuri, freebsd-pkgbase@FreeBSD.org
Date: Wed, 29 Jun 2016 23:57:13 +0000
Subject: Re: Are signatures of system images verified?

On Wed, Jun 29, 2016 at 04:50:55PM -0700, Colin Percival wrote:
> On 06/29/16 16:38, Bryan Drewery wrote:
> > Around that time (January 2016), Colin Percival has been maintaining a
> > copy of the MANIFESTS in ports-mgmt/poudriere as well.
>
> For the record, I obtained these files by downloading the release ISOs,
> verifying their hashes against the signed release announcements, and
> then extracting the MANIFEST files from the ISOs, and I intend to do
> this for future releases as well. I think the consensus was that this
> was a better option than adding "commit MANIFEST files to the ports
> tree" to the already very lengthy release engineering checklist, but
> of course I'd have no objection to handing over this task if re@ wanted
> it for some reason. :-)
>

There are other (valid) reasons for having these signed "somewhere".
I'm sure there are more use cases than bootonly.iso and poudriere that
use these files.

So, it's on my list, but since we have the MANIFESTs you already
gathered, no immediate plan to make this retroactive.

Glen
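
The chain of trust described in the quoted message (signed announcement, then ISO hash, then MANIFEST, then distribution sets), as an added example that is not part of the original thread and is not FreeBSD's or poudriere's own code. The file names, sample bytes and the `verify_release` helper are constructed for illustration, and the tab-separated MANIFEST layout (file name first, SHA256 second) is an assumption.

```python
import hashlib
import re

# BSD-style digest line, as printed by sha256(1): "SHA256 (name) = <64 hex>"
BSD_LINE = re.compile(r"^SHA256 \((.+)\) = ([0-9a-f]{64})$")

def announced_hashes(announcement):
    """Map file name -> SHA256 from an announcement whose PGP signature
    was already checked (e.g. with gpg --verify); that step is not shown."""
    found = {}
    for line in announcement.splitlines():
        m = BSD_LINE.match(line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found

def manifest_hashes(manifest):
    """Map distribution set -> SHA256. Assumed layout: tab-separated fields,
    file name first and SHA256 second; remaining fields are ignored."""
    found = {}
    for line in manifest.splitlines():
        fields = line.split("\t")
        if len(fields) >= 2 and re.fullmatch(r"[0-9a-f]{64}", fields[1]):
            found[fields[0]] = fields[1]
    return found

def check(name, data, trusted):
    """Return 'ok', 'mismatch' or 'unlisted' for data against a trusted map."""
    if name not in trusted:
        return "unlisted"  # fail closed: no entry means no trust
    digest = hashlib.sha256(data).hexdigest()
    return "ok" if digest == trusted[name] else "mismatch"

# Constructed sample data, not real release artifacts.
ISO_NAME, ISO = "example-bootonly.iso", b"constructed ISO bytes"
BASE = b"constructed base.txz bytes"
ANNOUNCEMENT = "Checksums:\n  SHA256 (%s) = %s\n" % (
    ISO_NAME, hashlib.sha256(ISO).hexdigest())
# Stands in for the MANIFEST file extracted from the verified ISO.
MANIFEST = 'base.txz\t%s\t1\tbase\t"Base system"\ton\n' % (
    hashlib.sha256(BASE).hexdigest())

def verify_release(iso, sets):
    """Trust the MANIFEST only if the ISO it came from matches the signed
    announcement, then check each fetched set against that MANIFEST."""
    iso_status = check(ISO_NAME, iso, announced_hashes(ANNOUNCEMENT))
    if iso_status != "ok":
        return {"iso": iso_status}  # stop: MANIFEST provenance is unproven
    trusted = manifest_hashes(MANIFEST)
    result = {"iso": "ok"}
    result.update({n: check(n, d, trusted) for n, d in sets.items()})
    return result
```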