From owner-freebsd-stable@FreeBSD.ORG  Tue Nov 18 08:33:32 2003
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CC5F416A4CF
	for <freebsd-stable@freebsd.org>;
	Tue, 18 Nov 2003 08:33:32 -0800 (PST)
Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C031143F75
	for <freebsd-stable@freebsd.org>;
	Tue, 18 Nov 2003 08:33:31 -0800 (PST)	(envelope-from imp@bsdimp.com)
Received: from localhost (warner@rover2.village.org [10.0.0.1])
	by harmony.village.org (8.12.9p2/8.12.9) with ESMTP id hAIGXQeG058220;
	Tue, 18 Nov 2003 09:33:27 -0700 (MST)
	(envelope-from imp@bsdimp.com)
Date: Tue, 18 Nov 2003 09:32:02 -0700 (MST)
Message-Id: <20031118.093202.131522893.imp@bsdimp.com>
To: des@des.no
From: "M. Warner Losh" <imp@bsdimp.com>
In-Reply-To: <xzp7k1yxdev.fsf@dwp.des.no>
References: <5.0.2.1.1.20031117165641.03101720@popserver.sfu.ca>
	<xzp7k1yxdev.fsf@dwp.des.no>
X-Mailer: Mew version 2.1 on Emacs 21.3 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
cc: caroloveres@yahoo.com
cc: freebsd-stable@freebsd.org
cc: colin.percival@wadham.ox.ac.uk
Subject: Re: Secure updating of OS and ports
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Nov 2003 16:33:32 -0000

In message: <xzp7k1yxdev.fsf@dwp.des.no>
            des@des.no (Dag-Erling Sm=F8rgrav) writes:
: Colin Percival <colin.percival@wadham.ox.ac.uk> writes:
: > At 06:02 17/11/2003 -0800, Carol Overes wrote:
: > > I'm thinking of updating kernel and binaries with
: > > patches form ftp.freebsd.org which are siganed with
: > > the PGP key of the security officers. However, this
: > > has to be hand-made patching. Does anyone know a
: > > secure way via for example cvsup ?
: >    CVSup is insecure.  FreeBSD Update might do what you want, but
: > you'd have to trust me. :)
: =

: ...and three-hundred-odd FreeBSD developers.
: =

: At some point you just have to stop doubting and start trusting.

cvsup is secure from everything except man in the middle or
redirection attacks.  When you run cvsup over an ssh-tunnel, you can
solve these problems if you trust the cvsup running on the localhost
you ssh to.

Warner