From owner-freebsd-stable@FreeBSD.ORG Tue Nov 18 00:57:15 2003 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4761216A4CE for ; Tue, 18 Nov 2003 00:57:15 -0800 (PST) Received: from smtp.des.no (flood.des.no [217.116.83.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3C80D43FD7 for ; Tue, 18 Nov 2003 00:57:14 -0800 (PST) (envelope-from des@des.no) Received: by smtp.des.no (Pony Express, from userid 666) id 430F35308; Tue, 18 Nov 2003 09:57:13 +0100 (CET) Received: from dwp.des.no (des.no [80.203.228.37]) by smtp.des.no (Pony Express) with ESMTP id E170E530D; Tue, 18 Nov 2003 09:56:56 +0100 (CET) Received: by dwp.des.no (Postfix, from userid 2602) id CA56A33C68; Tue, 18 Nov 2003 09:56:56 +0100 (CET) To: Colin Percival References: <5.0.2.1.1.20031117165641.03101720@popserver.sfu.ca> From: des@des.no (Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?=) Date: Tue, 18 Nov 2003 09:56:56 +0100 In-Reply-To: <5.0.2.1.1.20031117165641.03101720@popserver.sfu.ca> (Colin Percival's message of "Mon, 17 Nov 2003 17:00:16 +0000") Message-ID: User-Agent: Gnus/5.090024 (Oort Gnus v0.24) Emacs/21.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on flood.des.no X-Spam-Level: ss X-Spam-Status: No, hits=2.5 required=5.0 tests=RCVD_IN_DYNABLOCK autolearn=no version=2.60 cc: Carol Overes cc: freebsd-stable@freebsd.org Subject: Re: Secure updating of OS and ports X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Nov 2003 08:57:15 -0000 Colin Percival writes: > At 06:02 17/11/2003 -0800, Carol Overes wrote: > > I'm thinking of updating kernel and binaries with > > patches form ftp.freebsd.org which are siganed with > > the PGP key of the security officers. However, this > > has to be hand-made patching. Does anyone know a > > secure way via for example cvsup ? > CVSup is insecure. FreeBSD Update might do what you want, but > you'd have to trust me. :) ...and three-hundred-odd FreeBSD developers. At some point you just have to stop doubting and start trusting. DES --=20 Dag-Erling Sm=F8rgrav - des@des.no