Date: Mon, 5 Jan 2009 22:58:39 -0900 From: Mel <fbsd.questions@rachie.is-a-geek.net> To: freebsd-questions@freebsd.org Subject: Re: Foiling MITM attacks on source and ports trees Message-ID: <200901052258.39785.fbsd.questions@rachie.is-a-geek.net> In-Reply-To: <495F5DD7.2070302@infracaninophile.co.uk> References: <20090102164412.GA1258@phenom.cordula.ws> <20090103013825.18910bf5@gumby.homeunix.com> <495F5DD7.2070302@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday 03 January 2009 03:45:11 Matthew Seaman wrote:
> [*] Buying a high security cert from the likes of Verisign or OpenSRS wou=
ld
> set you back about =A3800 p.a. and it would probably be necessary to use
> someone like the FreeBSD Foundation as an appropriate body to own the cer=
t.
<OT>
I would actually trust a self-signed cert by the FreeBSD security officer,=
=20
more then one by Verisign. Power hungry companies like Verisign are more=20
succeptable to corruption then the entity I want to have or already a=20
relationship with in the first place.
</OT>
=2D-=20
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901052258.39785.fbsd.questions>