Date: Sat, 15 Feb 2020 19:26:54 +0000 From: Nathan Dorfman <ndorf@rtfm.net> To: Glen Barber <gjb@freebsd.org> Cc: freebsd-security@freebsd.org Subject: Re: Cryptographic signatures of installer sets Message-ID: <20200215192654.GA8@rtfm.net> In-Reply-To: <20200212152221.GE9584@FreeBSD.org> References: <20200125200007.GA11@rtfm.net> <20200127164201.GB9584@FreeBSD.org> <20200130005006.GA13@e398a4ce8009> <20200130132239.GG9584@FreeBSD.org> <20200201233420.GA18@rtfm.net> <20200203135710.GK9584@FreeBSD.org> <20200211233132.GA7@rtfm.net> <20200212152221.GE9584@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Feb 12, 2020 at 03:22:21PM +0000, Glen Barber wrote: > > Have you considered the possibility of simply publishing a detached > > signature with every MANIFEST, in a similar manner to what is done for > > the installer images? > > > > I have not, as a change to the misc/freebsd-release-manifests port will > generate an email (or at minimum, a change in the repository), which > would be a red flag for nefarious behavior. Gotcha. So it sounds like your solution is the best path forward. Looking forward to seeing your patch! -nd.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200215192654.GA8>