From owner-freebsd-questions@FreeBSD.ORG  Sun Jan 13 12:14:09 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 41E2316A421
	for <freebsd-questions@freebsd.org>;
	Sun, 13 Jan 2008 12:14:09 +0000 (UTC)
	(envelope-from bunchou@googlemail.com)
Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.190])
	by mx1.freebsd.org (Postfix) with ESMTP id 9EF2613C455
	for <freebsd-questions@freebsd.org>;
	Sun, 13 Jan 2008 12:14:07 +0000 (UTC)
	(envelope-from bunchou@googlemail.com)
Received: by rv-out-0910.google.com with SMTP id l15so1778110rvb.43
	for <freebsd-questions@freebsd.org>;
	Sun, 13 Jan 2008 04:14:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=googlemail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	bh=4tkgi+87dwk4pRbDzpeeci5A1DVjPeV9Y4FbFUYq/Ss=;
	b=KXOkoGVIwZ6EH7Fp4nsIuo7mWcig/b3To6q3F3HIVJ2IaqyGzq+0LUGe+xqvxozYY+6q3RXTcTHy/VYJZLmWPdegkvfGhXsVnwFk96gpw5u6SiVM6T9ss9Ob7xakVYKP5GKLqARi9eDhVWRCywCRw0ed33yoABaXCXif1+/SyXI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma;
	h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=QjHZ/otPK5V5f5/uqIPlPb9aw/u667prD3HakptrVDVeQSq83hrKkK7bJDno0u2mpwVSDlZ1rA0Al0NfyVl5rAc2BHcT84chbUR37uEpZpLeY1CGWjjgDRtJfNuRQyb3Y1izC0plrDrm8WzkPOkkxUBfZ0xGkdeR3Ds6hk9lkwI=
Received: by 10.141.98.13 with SMTP id a13mr3129804rvm.222.1200226447596;
	Sun, 13 Jan 2008 04:14:07 -0800 (PST)
Received: by 10.141.128.21 with HTTP; Sun, 13 Jan 2008 04:14:07 -0800 (PST)
Message-ID: <cb5b777d0801130414l1f1427cekb49ee29a46140bf7@mail.gmail.com>
Date: Sun, 13 Jan 2008 13:14:07 +0100
From: "=?ISO-2022-JP?B?GyRCSjhEOxsoQg==?=" <bunchou@googlemail.com>
To: freebsd-questions@freebsd.org, "Erik Cederstrand" <erik@cederstrand.dk>
In-Reply-To: <4789F7DE.9090905@cederstrand.dk>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <cb5b777d0801130217r6467751ay634d0111617afc05@mail.gmail.com>
	<4789F7DE.9090905@cederstrand.dk>
Cc: 
Subject: Re: Secure update of /usr/src
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Jan 2008 12:14:09 -0000

2008/1/13, Erik Cederstrand <erik@cederstrand.dk>:
> 文鳥 wrote:
> > Hello all,
> >
> > is there any way to securely follow the STABLE branch of FreeBSD, e.g.
> > a cryptographically signed distribution method like portsnap? Afaik,
> > the usual update methods (CVSup, etc.) do not include any
> > authentication / integrity checking. Am I missing something here?
>
> freebsd-update(8) is portsnap for the base system. However, you can only
> follow RELEASE branches, not STABLE.
>
> Erik
>
Thanks for the reply. Unfortunately, I need to follow STABLE and (to
be policy-compliant) at the same time make sure that the code has not
been tampered with by, for example, checking the signature. Is there a
way to do this for STABLE?

Best regards