From owner-freebsd-stable@FreeBSD.ORG Tue Nov 18 08:33:32 2003 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC5F416A4CF for ; Tue, 18 Nov 2003 08:33:32 -0800 (PST) Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id C031143F75 for ; Tue, 18 Nov 2003 08:33:31 -0800 (PST) (envelope-from imp@bsdimp.com) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.12.9p2/8.12.9) with ESMTP id hAIGXQeG058220; Tue, 18 Nov 2003 09:33:27 -0700 (MST) (envelope-from imp@bsdimp.com) Date: Tue, 18 Nov 2003 09:32:02 -0700 (MST) Message-Id: <20031118.093202.131522893.imp@bsdimp.com> To: des@des.no From: "M. Warner Losh" In-Reply-To: References: <5.0.2.1.1.20031117165641.03101720@popserver.sfu.ca> X-Mailer: Mew version 2.1 on Emacs 21.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable cc: caroloveres@yahoo.com cc: freebsd-stable@freebsd.org cc: colin.percival@wadham.ox.ac.uk Subject: Re: Secure updating of OS and ports X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Nov 2003 16:33:32 -0000 In message: des@des.no (Dag-Erling Sm=F8rgrav) writes: : Colin Percival writes: : > At 06:02 17/11/2003 -0800, Carol Overes wrote: : > > I'm thinking of updating kernel and binaries with : > > patches form ftp.freebsd.org which are siganed with : > > the PGP key of the security officers. However, this : > > has to be hand-made patching. Does anyone know a : > > secure way via for example cvsup ? : > CVSup is insecure. FreeBSD Update might do what you want, but : > you'd have to trust me. :) : = : ...and three-hundred-odd FreeBSD developers. : = : At some point you just have to stop doubting and start trusting. cvsup is secure from everything except man in the middle or redirection attacks. When you run cvsup over an ssh-tunnel, you can solve these problems if you trust the cvsup running on the localhost you ssh to. Warner