From owner-freebsd-security  Sun Jul  8 20:30:16 2001
Delivered-To: freebsd-security@freebsd.org
Received: from a.mx.clublinux.org (h216-170-019-162.adsl.navix.net [216.170.19.162])
	by hub.freebsd.org (Postfix) with SMTP id 429B037B403
	for <freebsd-security@freebsd.org>; Sun,  8 Jul 2001 20:30:11 -0700 (PDT)
	(envelope-from steve@clublinux.org)
Received: (qmail 6844 invoked from network); 9 Jul 2001 02:28:44 -0000
Received: from unknown (HELO clublinux.org) (192.168.33.33)
  by mail.internal with SMTP; 9 Jul 2001 02:28:44 -0000
Message-ID: <3B492672.55E0ADC8@clublinux.org>
Date: Sun, 08 Jul 2001 22:35:14 -0500
From: steve <steve@clublinux.org>
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.6 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-security@freebsd.org
Subject: cvsup and security
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi,
	I've been installing a few ports (great tool btw), and I've noticed
that typing 'make install' in an app directory will perform an md5
checksum to verify that the download is legit and not corrupt.  Is there
anything similar done when using cvsup?  Is there anyway to verify that
the ports collection update that I'm receiving through cvsup is legit
and not "trojaned" or altered in some other way?

Thanks in advance,
Steve

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message