Date: Fri, 18 Sep 2020 11:29:45 +0000
From: Glen Barber
To: grarpamp
Cc: freebsd-security@freebsd.org
Subject: Re: 12.2R Sigs
Message-ID: <20200918112945.GJ26726@FreeBSD.org>

On Thu, Sep 17, 2020 at 09:09:26PM -0400, grarpamp wrote:
> >> > And there is the PGP-signed email to stable@ that contains
> >> > them.
> >>
> >> Future noting that lists do not support foreknown path schemes
> >> for that data. Whereas repo, website and dataset locations are more
> >> predictable and programmatic... allowing fetching, validation, etc.
> >
> > And for RC builds, they are predictable and programmatic.
>
> Users would have to get and search the entire lists content to
> find such sig posts, unfortunately there are no nice predicted
> paths to such single emails supporting simple fetch of associated
> sig infos, ie: no schema :///13.x/.asc
>
> Mail are not, it can't... ie: it has no hier, path, file globbing regex *, etc.
>
> The website and distribution methods mentioned earlier are
> possible. (Now just for RC and RELEASE, as clarified in thread.)
>
> Website has them in nice paths today,
>
> individually...
> https://www.freebsd.org/releases/12.1R/signatures.html
>
> and in bulk...
> https://www.freebsd.org/releases/12.1R/announce.asc
>
> but they are not present in what should be their natural
> cohabitation set within the other distribution methods,
> such as the case of https / ftp / rsync / torrent / etc for...
> https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/12.1/
>
> > I am not on postmaster.
>
> What does that mean in context?
> Only some volunteer for that role, as any other,
> it's ok not to be in two or more of them.

Sorry, something you said was misinterpreted by me, and I was answering
something that I thought you had asked, but had not. So it is a bit
difficult for me to explain what I meant with this part of my reply.

In any case, after the doc tree is tagged (which is included on the
installation medium for reproducibility), RC1 and subsequent RCs and the
final RELEASE build will be programmatically fetchable. The
announce.asc file is only created for the final RELEASE build, however.

Glen