Date: Sat, 16 Jan 2010 20:05:28 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Angelin Lalev <lalev.angelin@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Secure method for fetching freebsd sources ? Message-ID: <4B521C08.8050803@infracaninophile.co.uk> In-Reply-To: <532b03711001161041v2400389v915c0fee80dcd840@mail.gmail.com> References: <532b03711001161041v2400389v915c0fee80dcd840@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig10D37803F6ACE133F6785072 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Angelin Lalev wrote: > Greetings, >=20 > Which is the *secure* way of fetching freebsd sources? > Cvsup looks prone to MiM attacks, CTM looks promising, but only if I > have been member of the appropriate ctm list since the release of 8.0. > (it seems that the ctm deltas on the ftp are not signed.). > Do FreeBSD cvs servers support ssh instead of rsh access as OpenBSD ser= ver do? > Other alternatives? >=20 > Please note that this is not a theoretical question. I really have a > system which i'll put in a place I don't trust, so I'll try to encrypt > everything from the disk to the connections which I will use for > updating. You can use freebsd-update(8) to fetch system sources as well as binary updates. Updates are cryptographically secured -- whether this is enough= for your application is a judgement call you will have to make. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW --------------enig10D37803F6ACE133F6785072 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREIAAYFAktSHA0ACgkQ8Mjk52CukIyq4QCfWNPh8BRdIKh3wnAp43UEzd31 rhsAn3R2w2oVsHOw+zsj501ZZEgnuShf =H+gA -----END PGP SIGNATURE----- --------------enig10D37803F6ACE133F6785072--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B521C08.8050803>