From owner-ctm-users@freebsd.org  Fri Aug 21 00:52:27 2015
Return-Path: <owner-ctm-users@freebsd.org>
Delivered-To: ctm-users@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 088689BE09A
 for <ctm-users@mailman.ysv.freebsd.org>; Fri, 21 Aug 2015 00:52:27 +0000 (UTC)
 (envelope-from rik@inse.ru)
Received: from ns.rikbsd.org (mail.ptechlab.com [77.220.135.51])
 by mx1.freebsd.org (Postfix) with ESMTP id B7C98F26
 for <ctm-users@freebsd.org>; Fri, 21 Aug 2015 00:52:26 +0000 (UTC)
 (envelope-from rik@inse.ru)
Received: from [127.0.0.1] (mgate.rikbsd.org [192.168.2.3])
 by ns.rikbsd.org (Postfix) with ESMTPA id 3436120DC0E;
 Thu, 20 Aug 2015 12:57:39 +0000 (UTC)
Message-ID: <55D5D074.4030301@inse.ru>
Date: Thu, 20 Aug 2015 16:04:52 +0300
From: Roman Kurakin <rik@inse.ru>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Helge Oldach <freebsd@oldach.net>, ctm-users@freebsd.org
Subject: Re: Do you still need CTM?
References: <201508201259.t7KCxSUd006343@sep.oldach.net>
In-Reply-To: <201508201259.t7KCxSUd006343@sep.oldach.net>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: ctm-users@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: CTM User discussions <ctm-users.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/ctm-users>,
 <mailto:ctm-users-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/ctm-users/>
List-Post: <mailto:ctm-users@freebsd.org>
List-Help: <mailto:ctm-users-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/ctm-users>,
 <mailto:ctm-users-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Aug 2015 00:52:27 -0000

Hi,

On 08/20/2015 03:59 PM, Helge Oldach wrote:
> Hi,
>
> (Sorry for the noise.)
>
> Julian H. Stacey wrote on Thu, 20 Aug 2015 14:01:03 +0200 (CEST):
>> If an axer asserts
>> there's a security issue, original author phk@ may be interested.
>> <ctm-users@freebsd.org> may also be interested to fix it, but
>> axe propenet has Not provided us detail.
> I suspects it's related to a potential MITM threat: Both freebsd-update as well as svn deliver mechanisms to detect such attacks and refuse to update. CTM doesn't - actually it's fairly easy to tamper with deltas shipped by unencrypted e-mail. (No, md5 sums don't help.)
So, signing emails would be enough?

Best regards,
     rik

> [...]
>
> Regards,
> Helge
> _______________________________________________
> ctm-users@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/ctm-users
> To unsubscribe, send any mail to "ctm-users-unsubscribe@freebsd.org"