Date: Tue, 12 Dec 2017 17:05:17 +0000
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
To: Dag-Erling Smørgrav <des@des.no>
Cc: John-Mark Gurney <jmg@funkthat.com>, Yuri <yuri@rawbw.com>, RW <rwmaillists@googlemail.com>, Michelle Sullivan <michelle@sorbs.net>, Igor Mozolevsky <mozolevsky@gmail.com>, freebsd security <freebsd-security@freebsd.org>
Subject: Re: http subversion URLs should be discontinued in favor of https URLs
Message-ID: <26908.1513098317@critter.freebsd.dk>
In-Reply-To: <864lovhpvr.fsf@desk.des.no>
References: <20171205231845.5028d01d@gumby.homeunix.com> <CADWvR2gVn8H5h6LYB5ddwUHYwDtiLCuYndsXhJywi7Q9vNsYvw@mail.gmail.com> <20171210173222.GF5901@funkthat.com> <CADWvR2iGQOtcU=FnU-fNsso2eLCCQn=swnOLoqws%2B33V8VzX1Q@mail.gmail.com> <5c810101-9092-7665-d623-275c15d4612b@rawbw.com> <CADWvR2j_LLEPKnSynRRmP4LG3mypdkNitwg%2B7vSh=iuJ=JU09Q@mail.gmail.com> <fd888f6b-bf16-f029-06d3-9a9b754dc676@rawbw.com> <CADWvR2jnxVwXmTA9XpZhGYnCAhFVifqqx2MvYeSeHmYEybaNnA@mail.gmail.com> <19bd6d57-4fa6-24d4-6262-37e1487d7ed6@rawbw.com> <5A2DB80D.3020309@sorbs.net> <20171210225326.GK5901@funkthat.com> <99305.1512947694@critter.freebsd.dk> <86d13kgnfh.fsf@desk.des.no> <79567.1513083576@critter.freebsd.dk> <864lovhpvr.fsf@desk.des.no>

In message <864lovhpvr.fsf@desk.des.no>, Dag-Erling Smørgrav writes:

>Let me rephrase: it's not just the source of the key or certificate, but
>the path from that source to you. There is *always* some level of blind
>trust, and all your suggestion does is move it from one place to
>another.

That is correct, and I don't see any problem in applying the usual
level of trust we use in this project to that cert.

For instance, our core team elections are usually run by some
Norwegian dude who very few committers have actually met in real life.

But the committers seem to be willing to entrust that task to him
because those of us who have met this Norwegian dude agree that his
zealous pedantry is well suited to running our elections :-)

>The bottom line is, once again, that key distribution is hard, and that
>you shouldn't make infosec decisions without having at least a vague
>outline of a threat model.

Absolutely.

But just to sum up: We are talking about anonymous checkouts of our
source tree, and as far as my analysis goes, we are long past this
point:

https://www.youtube.com/watch?v=X0bWWtTIPlg

Poul-Henning

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.