From owner-freebsd-current@freebsd.org  Sat Jan  2 07:36:06 2021
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3AFE64C60E0
 for <freebsd-current@mailman.nyi.freebsd.org>;
 Sat,  2 Jan 2021 07:36:06 +0000 (UTC)
 (envelope-from phk@critter.freebsd.dk)
Received: from phk.freebsd.dk (phk.freebsd.dk [130.225.244.222])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4D7DGG0Qvtz3JyL;
 Sat,  2 Jan 2021 07:36:05 +0000 (UTC)
 (envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (v-critter.freebsd.dk [192.168.55.3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by phk.freebsd.dk (Postfix) with ESMTPS id 8D58B8A3C5;
 Sat,  2 Jan 2021 07:35:58 +0000 (UTC)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
 by critter.freebsd.dk (8.16.1/8.16.1) with ESMTPS id 1027Zwmf060084
 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
 Sat, 2 Jan 2021 07:35:58 GMT (envelope-from phk@critter.freebsd.dk)
Received: (from phk@localhost)
 by critter.freebsd.dk (8.16.1/8.16.1/Submit) id 1027ZvoB060083;
 Sat, 2 Jan 2021 07:35:57 GMT (envelope-from phk)
To: Shawn Webb <shawn.webb@hardenedbsd.org>
cc: Li-Wen Hsu <lwhsu@freebsd.org>, Christian Weisgerber <naddy@mips.inka.de>, 
 freebsd-current <freebsd-current@freebsd.org>
Subject: Re: HEADS UP: FreeBSD src repo transitioning to git this weekend
In-reply-to: <20210102021254.35o3snqb5fcvmbt3@mutt-hbsd>
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
References: <20201223162417.v7Ce6%steffen@sdaoden.eu>
 <20201229011939.GU31099@funkthat.com>
 <20201229210454.Lh4y_%steffen@sdaoden.eu>
 <20201230004620.GB31099@funkthat.com>
 <CAD2Ti2-4xS5n0+1oLOHyFh4+OCnwtNAAwMkkWzwRVDnt-xmb1Q@mail.gmail.com>
 <20201231193908.GC31099@funkthat.com>
 <CAD2Ti2-dKMOx2-k71UyZs1kAGCXPuVwO9ee861oRFNV=aCfuqA@mail.gmail.com>
 <20210101140857.x3hbci6c4nwi7gl7@mutt-hbsd>
 <slrnruv17k.rlr.naddy@lorvorc.mips.inka.de>
 <CAKBkRUy_MJDpROVbX=MhvHvdBJTEaYU83cHMHaqsEDcLX4KKRw@mail.gmail.com>
 <20210102021254.35o3snqb5fcvmbt3@mutt-hbsd>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <60081.1609572957.1@critter.freebsd.dk>
Date: Sat, 02 Jan 2021 07:35:57 +0000
Message-ID: <60082.1609572957@critter.freebsd.dk>
X-Rspamd-Queue-Id: 4D7DGG0Qvtz3JyL
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	 REPLY(-4.00)[]
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Jan 2021 07:36:06 -0000

As interesting as this thread has been (not!), let me remind everybody
that the cheapest, easiest and most efficient and profitable way
for a Nation State Actor to trojan the FreeBSD code-base, is to
assign an employee to a deniable job, and have them become a FreeBSD
committer.

No amount of cryptography can or will protect against that.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.