Date: Sun, 8 Jul 2001 22:11:40 -0700 From: Kris Kennaway <kris@obsecurity.org> To: steve <steve@clublinux.org> Cc: freebsd-security@freebsd.org Subject: Re: cvsup and security Message-ID: <20010708221140.A35469@xor.obsecurity.org> In-Reply-To: <3B492672.55E0ADC8@clublinux.org>; from steve@clublinux.org on Sun, Jul 08, 2001 at 10:35:14PM -0500 References: <3B492672.55E0ADC8@clublinux.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--jI8keyz6grp/JLjh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Sun, Jul 08, 2001 at 10:35:14PM -0500, steve wrote: > Hi, > I've been installing a few ports (great tool btw), and I've noticed > that typing 'make install' in an app directory will perform an md5 > checksum to verify that the download is legit and not corrupt. Is there > anything similar done when using cvsup? Is there anyway to verify that > the ports collection update that I'm receiving through cvsup is legit > and not "trojaned" or altered in some other way? Not currently. Note to all on the list: please resist the temptation to offer suggestions for how cvsup could be improved to achieve this unless they're in the form of patches. We all know how to do it, but the code needs to be written. Kris --jI8keyz6grp/JLjh Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7ST0LWry0BWjoQKURAvZhAJ9hSoqE/xfmUBF57YqGBtNt9Qa36QCg7QD2 7uvKpS00ci7Ie/FZqt6XToA= =5Bp3 -----END PGP SIGNATURE----- --jI8keyz6grp/JLjh-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010708221140.A35469>