From: Colin Percival
To: Carol Overes, freebsd-stable@freebsd.org
Date: Mon, 17 Nov 2003 17:00:16 +0000
Subject: Re: Secure updating of OS and ports

At 06:02 17/11/2003 -0800, Carol Overes wrote:
>I'm thinking of updating kernel and binaries with
>patches from ftp.freebsd.org which are signed with
>the PGP key of the security officers. However, this
>has to be hand-made patching. Does anyone know a
>secure way via for example cvsup?

CVSup is insecure. FreeBSD Update might do what you want, but you'd
have to trust me. :)

>Also, I'm looking for a secure way to update ports
>applications. How can I check that patches for ports
>don't contain any trojans for example, or are coming
>from the original source.

There isn't any way to update the ports tree securely. I'd like to
fix this, but at the moment I need to give priority to my DPhil work,
so it probably isn't going to happen in the near future.

Colin Percival