Date: Sun, 22 Jun 2003 08:46:45 +0100 From: Colin Percival <colin.percival@wadham.ox.ac.uk> To: David Schultz <das@FreeBSD.org> Cc: chat@FreeBSD.org Subject: Re: Cryptographically enabled ports tree. Message-ID: <5.0.2.1.1.20030622084009.01c8d600@popserver.sfu.ca> In-Reply-To: <20030622055900.GA60949@HAL9000.homeunix.com> References: <5.0.2.1.1.20030622044124.02cc0948@popserver.sfu.ca> <5.0.2.1.1.20030622022111.02c1cdf8@popserver.sfu.ca> <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> <20030621163835.GA18653@tulip.epweb.co.za> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca> <5.0.2.1.1.20030622022111.02c1cdf8@popserver.sfu.ca> <5.0.2.1.1.20030622044124.02cc0948@popserver.sfu.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
At 22:59 21/06/2003 -0700, David Schultz wrote: >If you just want to know that the bits you have came from >freebsd.org, that's another thing. The technology to do that >already exists in cvsup, as long as you trust the mirrors. (Most >of them probably don't use authentication right now, but that can >be fixed, I'm sure, if enough people are concerned about it.) Well, sort of. The authentication in cvsup relies upon starting with a shared secret, which isn't an option for the general public. >If your whole point is that you don't trust the mirrors, then maybe >you have a case for signing deltas on the master... Exactly. I might, grudgingly, be willing to trust the people who run the cvsup mirrors -- although I'd really rather not -- but trusting the security, physical and electronic, of the mirrors is quite a different matter. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.0.2.1.1.20030622084009.01c8d600>