Date: Tue, 12 Dec 2017 18:15:28 +0000 From: Matthew Finkel <matthew.finkel@gmail.com> To: Jan Bramkamp <crest@rlwinm.de> Cc: freebsd-security@freebsd.org Subject: Re: http subversion URLs should be discontinued in favor of https URLs Message-ID: <20171212181528.trlevbjkl2aeqgrz@localhost> In-Reply-To: <f019de34-e53e-836d-641b-01c02017415d@rlwinm.de> References: <CADWvR2jnxVwXmTA9XpZhGYnCAhFVifqqx2MvYeSeHmYEybaNnA@mail.gmail.com> <19bd6d57-4fa6-24d4-6262-37e1487d7ed6@rawbw.com> <5A2DB80D.3020309@sorbs.net> <20171210225326.GK5901@funkthat.com> <99305.1512947694@critter.freebsd.dk> <86d13kgnfh.fsf@desk.des.no> <79567.1513083576@critter.freebsd.dk> <c27552cf-45d8-7686-c60d-256537780edc@denninger.net> <26440.1513088888@critter.freebsd.dk> <f019de34-e53e-836d-641b-01c02017415d@rlwinm.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 12, 2017 at 06:22:19PM +0100, Jan Bramkamp wrote: > > On 12.12.17 15:28, Poul-Henning Kamp wrote: > > For the FreeBSD SVN tree, this could almost be as simple as posting > > an email, maybe once a week, with the exact revision checked out > > and the PGP signed output of: > > > > svn co ... && find ... -print | sort | xargs cat | sha256 > > > > Such an archive would also be invaluable for reauthenticating in > > case, somebody ever manages to do something evil to our repo. > > > > > Solve the problem at the correct location -- either fix svn to sign and > > > verify updates or dump it for something that can and use that existing > > > mechanism (e.g. git) > > > > As I mentioned humoursly to you in private email, I don't think > > this particular problem will reach consensus any sooner if you > > also tangling it in the SVN vs GIT political issue. > > How about an uncompressed tarball signed with signify? It could be > replicated with rsync (or zsync) and getting security patches wouldn't > require lots of network bandwidth. Portsnap already provides signed snapshots of the tree from mirrors. The main problem is checking out the full tree as-is from the subversion servers. > > I still prefer to encrypt every transfer with PFS only protocols, but even > with transport encryption in place content authentication is still valuable > because it allows the use of caching proxies.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20171212181528.trlevbjkl2aeqgrz>