From: grarpamp
Date: Thu, 31 Dec 2020 21:25:08 -0500
Subject: Re: HEADS UP: FreeBSD src repo transitioning to git this weekend
To: freebsd-current@freebsd.org

> There is
> already HTTPS to protect the "authenticity" of the magnet
> link.

No. FreeBSD fails to publish signed fingerprints of their TLS pubkeys, therefore users can't pin them down, therefore any MITM can bypass CA game and MITM attack users at will, feed them bogus infohash, isos, git repo tofu, pkg, etc. MITM is bad, MITM is in use, and MITM fails when sig'd, verified, and pinned.

> Yes, someone could vandalize the wiki page but I'm now
> subscribed and will notice it...

Only if they go through your front door.

> Also, magnet links are not officially supported by the project. I
> provide them because I think it's useful, and there are some people
> who request them...

transmission-bt, aria2, etc fast, easy, distributed sharing. But needs backed by real sigs.

> It's difficult to educate people on these points..

Especially when poor examples to observe and learn from continue among infrastructures and even educators.

> snapaid was designed to make it even easier...

So they've learned some provider specific edge tool, not general gpg, or even wider security. Oh well.

> Is there any reason to think [bittorrent] insecure?

Cost under $50k of compute to break sha-1, multiply that by SolarWinds size distribution clouds under tofu, collect your winnings based on your node count.