Date:      Wed, 19 Nov 2008 11:37:01 +0000 (UTC)
From:      Vadim Goncharov <vadim_nuclight@mail.ru>
To:        freebsd-current@freebsd.org
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: cosum: Checkout verification PoC
Message-ID:  <slrngi7uit.btt.vadim_nuclight@server.filona.x88.info>
References:  <200809222233.26053.max@love2party.net>

Hi Max Laier! 

On Mon, 22 Sep 2008 22:33:25 +0200; Max Laier wrote about 'cosum: Checkout verification PoC':

> the attached script will generate md5 and sha256 checksums of a checkout and 
> try to find the corresponding svn-revision.  This can help to verify that your 
> checkout from cvsupX.yy.freebsd.org is authentic.  Not that there is reason to 
> believe that we have compromised cvsup-servers.  This is just something I've 
> been toying with and wanted to let you know to see if people find the idea 
> interesting.  I'd also be interested in reviews of the concept (note that I 
> know that https would be a good idea, I just cba to set up a certificate).

> The coverage currently is head and stable/{6,7} svn revision 179451:183186 
> (i.e. since the first svn commit up to "2008-09-19 16:51:41 +0200").  I don't 
> yet have a cronjob in place to generate new checksums, so this will become 
> less useful quickly.  If people do find it interesting, however, I could 
> certainly roll something.

> As you can see, the script is ready to checksum cvs and svn checkouts.  If you 
> obtain your checkout from some local git/hg/svk/... mirror you must modify the 
> find excludes accordingly.

> Let me know what you think.

This is a good solution for our users caring about security. I think it
definitely should be incorporated into the base system, and server-side support
should be provided at freebsd.org on an official basis.

-- 
WBR, Vadim Goncharov. ICQ#166852181       mailto:vadim_nuclight@mail.ru
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
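
The checkout-verification idea discussed in this thread, as an added example that is not part of the original message and is not Max Laier's cosum script: hash every file outside the VCS metadata directories with md5 and sha256, fold the sorted manifest into one digest, and look that digest up in a table of published per-revision digests. The exclude set, the manifest format, the published table and all function names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Assumption: metadata directories to skip, standing in for the "find excludes".
VCS_DIRS = {".svn", "CVS", ".git", ".hg"}

def file_digests(path):
    """Return (md5, sha256) hex digests of one file, read in chunks."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()

def checkout_manifest(root):
    """Sorted (relative path, md5, sha256) for each regular file outside VCS dirs."""
    entries = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in VCS_DIRS]  # prune in place
        for name in filenames:
            full = os.path.join(dirpath, name)
            # Symlinks are skipped in this example; only file contents are hashed.
            if os.path.isfile(full) and not os.path.islink(full):
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                entries.append((rel, *file_digests(full)))
    return sorted(entries)

def checkout_digest(root):
    """One sha256 over the manifest, so path and content changes both show up."""
    h = hashlib.sha256()
    for rel, md5, sha in checkout_manifest(root):
        h.update(f"{rel}\0{md5}\0{sha}\n".encode())
    return h.hexdigest()

def find_revision(root, published):
    """Return the revision whose published digest matches this checkout, else None."""
    digest = checkout_digest(root)
    return next((rev for rev, known in published.items() if known == digest), None)

def make_tree(files):
    """Write a constructed sample tree {relative path: bytes} into a temp dir."""
    root = tempfile.mkdtemp()
    for rel, data in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root
```

The published table is only as trustworthy as the channel it is fetched over, which is the reason https comes up in the quoted message.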