Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 16 Jan 2010 20:05:28 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Angelin Lalev <lalev.angelin@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Secure method for fetching freebsd sources ?
Message-ID:  <4B521C08.8050803@infracaninophile.co.uk>
In-Reply-To: <532b03711001161041v2400389v915c0fee80dcd840@mail.gmail.com>
References:  <532b03711001161041v2400389v915c0fee80dcd840@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig10D37803F6ACE133F6785072
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

Angelin Lalev wrote:
> Greetings,
>=20
> Which is the *secure* way of fetching freebsd sources?
> Cvsup looks prone to MiM attacks, CTM looks promising, but only if I
> have been member of the appropriate ctm list since the release of 8.0.
> (it seems that the ctm deltas on the ftp are not signed.).
> Do FreeBSD cvs servers support ssh instead of rsh access as OpenBSD ser=
ver do?
> Other alternatives?
>=20
> Please note that this is not a theoretical question. I really have a
> system which i'll put in a place I don't trust, so I'll try to encrypt
> everything from the disk to the connections which I will use for
> updating.

You can use freebsd-update(8) to fetch system sources as well as binary
updates.  Updates are cryptographically secured -- whether this is enough=

for your application is a judgement call you will have to make.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW


--------------enig10D37803F6ACE133F6785072
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAktSHA0ACgkQ8Mjk52CukIyq4QCfWNPh8BRdIKh3wnAp43UEzd31
rhsAn3R2w2oVsHOw+zsj501ZZEgnuShf
=H+gA
-----END PGP SIGNATURE-----

--------------enig10D37803F6ACE133F6785072--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B521C08.8050803>