Date: Fri, 18 Sep 2020 00:12:57 +0000
From: Glen Barber
To: grarpamp
Cc: freebsd-security@freebsd.org
Subject: Re: 12.2R Sigs
Message-ID: <20200918001257.GI26726@FreeBSD.org>
References: <20200917204102.GG26726@FreeBSD.org>

On Thu, Sep 17, 2020 at 08:03:54PM -0400, grarpamp wrote:
> > They will be added with the first RC build
>
> Yes RC* seems the latest point in timeline
> to begin exercise them.
>
> > a bug in the order of operations
>
> > And there is the PGP-signed email to stable@ that contains
> > them.
>
> Future noting that lists do not support foreknown path schemes
> for that data. Whereas repo, website and dataset locations are more
> predictable and programmatic... allowing fetching, validation, etc.
>

And for RC builds, they are predictable and programmatic.

> There could be a commit subsequent to tags, to hold all
> relevant collected metadata results, created sigs, etc of
> those tagged builds.

I am not on postmaster.

Glen