From owner-freebsd-security@freebsd.org  Sat Sep 19 03:45:33 2020
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 85B1B3F953D
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Sat, 19 Sep 2020 03:45:33 +0000 (UTC)
 (envelope-from grarpamp@gmail.com)
Received: from mail-ej1-x641.google.com (mail-ej1-x641.google.com
 [IPv6:2a00:1450:4864:20::641])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Btc6h2m4Dz4XPy
 for <freebsd-security@freebsd.org>; Sat, 19 Sep 2020 03:45:31 +0000 (UTC)
 (envelope-from grarpamp@gmail.com)
Received: by mail-ej1-x641.google.com with SMTP id i26so10585709ejb.12
 for <freebsd-security@freebsd.org>; Fri, 18 Sep 2020 20:45:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
 bh=Ctw9XN0tpQ45poYZaiOQivyiH1adz8yBEXeggEHEuTM=;
 b=cu/3bk8PXXCLXuWZkYC19s8UCtFjkqZfZliH6hwdIp8hhPE9YyzAU31YRUzKv52+zM
 VV4ytuhWfL9CWnKWkXKAZ4LSogR5uYcumoqY27TU+/waUdN3EZc2yYswnM/8Rda3iX+C
 /xy3SAhfBlmMdSsqfPOF1O5bibGXH0K1vn6F/91VDrRESdn0xmhN1OlxZ8AK1vjlzUeR
 69sWDlptk2eJG4QIMEkoN/xuowjNissWB0Qa56ToDChtxd22X1uUD1zqEnU558DQsD3W
 t5BGKjXzkhWQjF5rJDZGti5VTLWMQG/gPOA+lb5wpzGy3XMRUJLL1OEnU1KG+5ttK2mz
 fXfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to;
 bh=Ctw9XN0tpQ45poYZaiOQivyiH1adz8yBEXeggEHEuTM=;
 b=mNCtWHJYbfn41DRRTTjCFScfNOj/RLp94GzhlVHIeuA4XRCjQuos+NzMrw1KWTkXKD
 GO0nTUxbV4pIHqMkwkHOGhTC6dBO4kIEExURBg+atw9mtRHxoHWF5Hky1uHMZYFNprGD
 cMqKKIWIsJJTKeYDANlYQy5/0q6jdEt+t18Uh7y2UmagT2+fUbCgovPUOm1+AHcbRoo1
 BnNOgZV3kPEFKcTbtlpuQL7qcaMWZ0whVyJBIw3c5jcui7XQsc1Izmr3wUgVZ10TkgDf
 rvQNyvHRjQWeMerCjAFKjUFoNfBcYJ+MhVR0qig5K1UfW90Ao1ZzXe59zyaS0r8lE/2n
 t/fA==
X-Gm-Message-State: AOAM530doNT7WJqxOZTugu4Oy8lXegXj0ywFDeTJony5s7AAV2q8vFQB
 LFasJqJKXiCCa+USBSLwsk4Wo0BRDXdQo9e4ar35Qqr1S0IK8w==
X-Google-Smtp-Source: ABdhPJyCYyW8hpCb52TtwyVsI7um4y5l26Q1D05HRcxb5nXjxP7uwySwsGoa4O09aPqSX+luk+tX8jx5ue/wCM2b2rU=
X-Received: by 2002:a17:906:9389:: with SMTP id
 l9mr40159405ejx.537.1600487130380; 
 Fri, 18 Sep 2020 20:45:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:ab4:9f4a:0:0:0:0:0 with HTTP; Fri, 18 Sep 2020 20:45:29
 -0700 (PDT)
In-Reply-To: <20200918112945.GJ26726@FreeBSD.org>
References: <CAD2Ti2-YFpWp3-Ctc+raDhrW=4GQ0oQvX2Uau9QHrxU3yTS-ag@mail.gmail.com>
 <20200917204102.GG26726@FreeBSD.org>
 <CAD2Ti2_ewtpH5wiZZKB=p+2u2+UpRGuD+tpF55NDP+FuNU8XrA@mail.gmail.com>
 <20200918001257.GI26726@FreeBSD.org>
 <CAD2Ti28c74jVbt2u9X1M7GHf+4d4YuZAQbDTg8rftBFNQZjpGQ@mail.gmail.com>
 <20200918112945.GJ26726@FreeBSD.org>
From: grarpamp <grarpamp@gmail.com>
Date: Fri, 18 Sep 2020 23:45:29 -0400
Message-ID: <CAD2Ti2_nRg84TKUNGchKQWwxLRw3r+LgP-1E1E=txSBrh7iDdA@mail.gmail.com>
Subject: Re: 12.2R Sigs
To: freebsd-security@freebsd.org
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: 4Btc6h2m4Dz4XPy
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=cu/3bk8P;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of grarpamp@gmail.com designates
 2a00:1450:4864:20::641 as permitted sender) smtp.mailfrom=grarpamp@gmail.com
X-Spamd-Result: default: False [-3.20 / 15.00]; RCVD_TLS_ALL(0.00)[];
 ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025];
 NEURAL_HAM_MEDIUM(-0.93)[-0.930]; FROM_HAS_DN(0.00)[];
 FREEMAIL_FROM(0.00)[gmail.com]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org];
 TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1];
 NEURAL_HAM_LONG(-1.02)[-1.025];
 R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36];
 DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::641:from];
 NEURAL_HAM_SHORT(-0.25)[-0.250]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
 RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-security];
 DWL_DNSWL_NONE(0.00)[gmail.com:dkim]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Sep 2020 03:45:33 -0000

> [src's] included on the
> installation medium for reproducibility

Wherever the src.tgz, they should not be considered to be
unbreakable reproducible bitwise duplicate authentic or
traceable back to any repo since there is no provable cryptographic
chain back to same, only assertions over the breaking points,
which can and do fail in various ways.
Distributed cloneable distributable repo's based on crypto are
needed to do that, perhaps such as Monotone, or at least
sign Git's init hash.

https://monotone.ca/
https://git-scm.com/

> announce.asc file is only created for the final RELEASE build

Yes as those are nice milestones :)