From owner-freebsd-questions@FreeBSD.ORG Fri Sep 28 23:38:30 2012
Date: Fri, 28 Sep 2012 18:38:27 -0500
From: David Noel
Reply-To: David.I.Noel@gmail.com
To: Matthew Seaman
Cc: Ed Flecko, freebsd-questions@freebsd.org
Subject: Re: svn checkout "head" or "stable"
References: <20120928102822.GD2389@kontrol.kode5.net> <20120928115700.GE2389@kontrol.kode5.net> <50660AEF.2010301@FreeBSD.org>
List-Id: User questions <freebsd-questions@freebsd.org>

On 9/28/12, David Noel wrote:
> On 9/28/12, Matthew Seaman wrote:
>> On 28/09/2012 20:41, Ed Flecko wrote:
>>> David - I'd like to, but every time I try that it prompts me for a
>>> password...and I don't know what password it wants???
>>
>> That would be the password to a freebsd.org account, which isn't going
>> to work for most people on two counts:
>>
>> * freebsd.org uses SSH keys for authentication, not passwords.
>>
>> * even if you've got a SSH key, not being a FreeBSD committer you
>> probably don't have a freebsd.org account.
>>
>> For anonymous access, you can use http or svn. Given that anonymous
>> access is read-only, there's really not much to be gained from SSH or
>> other means of encrypting the connection, either for you, or for the
>> FreeBSD servers. It's anonymous, so you don't care about
>> authentication. FreeBSD sources are publicly available, so you don't
>> care about anyone eavesdropping on the traffic. About the only thing
>> you're still exposed to is a man-in-the-middle attack, where someone
>> could pose as a FreeBSD server and feed you a trojanned set of sources
>> -- but then, you'd still be exposed in exactly the same way even using
>> svn+ssh. In practice, attacks of this type are very (pretty much
>> vanishingly) rare. If they do concern you, then use portsnap(8) /
>> freebsd-update(8), which have specific cryptographic protection against
>> such things. The portsnap and freebsd-update build systems also have
>> special access to the master FreeBSD repositories to minimize the
>> chances that they themselves could be fed trojanned sources.
>>
>> Cheers,
>>
>> Matthew
>>
>> --
>> Dr Matthew J Seaman MA, D.Phil.
>> PGP: http://www.infracaninophile.co.uk/pgpkey
>
>
> MITM-based attacks--and subsequent corrupted sources--are my concern.
> It was my understanding that anonymous svn+ssh would prevent this
> assuming the host key was properly verified against
> http://www.freebsd.org/internal/ssh-keys.asc.
>
> Recently I've installed from an iso and then manually updated with
> pgp-signed security patches. It would certainly be nice to have some
> secure source update mechanism though.
>

Apologies for the spam and the hastily written closing paragraph. I was
hoping to end with a heartwarming anecdote that would leave the reader
with no choice but to agree that anonymous ssh+svn access would benefit
us all. AnonCVS is still of course an option, but with its eventual
retirement the addition of an anonymous svn+ssh account would seem
fitting, or at least consistent.

-David
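The thread's security point is that svn+ssh only defeats a man-in-the-middle if the server's host key is actually checked against a trusted, out-of-band list such as ssh-keys.asc. The following is an added example, not code from this thread or from the FreeBSD project: it parses a known_hosts entry, computes the OpenSSH-style SHA256 fingerprint of the key blob, and accepts the entry only if the fingerprint matches a pinned one for that host. The host names, the key blob and the pinned fingerprint are constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length prefix followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def fingerprint_sha256(pubkey_b64: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(pubkey_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts_line(line: str):
    """Split one plain known_hosts line into (host list, key type, base64 key)."""
    hosts, keytype, key_b64 = line.split()[:3]
    return hosts.split(","), keytype, key_b64


def host_key_matches(line: str, host: str, pinned: dict) -> bool:
    """Accept the entry only if it names `host` and its fingerprint equals the pinned one for that key type."""
    hosts, keytype, key_b64 = parse_known_hosts_line(line)
    if host not in hosts or keytype not in pinned:
        return False
    return fingerprint_sha256(key_b64) == pinned[keytype]


# Constructed sample: a syntactically valid ssh-ed25519 blob with a dummy 32-byte point.
SAMPLE_KEY_B64 = base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))).decode()
SAMPLE_LINE = f"svn.example.org,192.0.2.10 ssh-ed25519 {SAMPLE_KEY_B64}"
# Pinned fingerprint, as it would be recorded from the published key list ahead of time.
PINNED = {"ssh-ed25519": fingerprint_sha256(SAMPLE_KEY_B64)}


def substituted_line() -> str:
    """Same host name but a different key: the entry a connection to an impostor would produce."""
    other = base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))).decode()
    return f"svn.example.org ssh-ed25519 {other}"


if __name__ == "__main__":
    print(host_key_matches(SAMPLE_LINE, "svn.example.org", PINNED))       # True
    print(host_key_matches(substituted_line(), "svn.example.org", PINNED))  # False
```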