From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 16:31:06 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8E0AE6DE for ; Tue, 20 Nov 2012 16:31:06 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from noop.in-addr.com (mail.in-addr.com [IPv6:2001:470:8:162::1]) by mx1.freebsd.org (Postfix) with ESMTP id 52F9D8FC14 for ; Tue, 20 Nov 2012 16:31:06 +0000 (UTC) Received: from gjp by noop.in-addr.com with local (Exim 4.80.1 (FreeBSD)) (envelope-from ) id 1Taqix-0001ag-C3; Tue, 20 Nov 2012 11:30:59 -0500 Date: Tue, 20 Nov 2012 11:30:59 -0500 From: Gary Palmer To: Eitan Adler Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] Message-ID: <20121120163059.GD88593@in-addr.com> References: <20121120030445.GA38037@zjl.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: gpalmer@freebsd.org X-SA-Exim-Scanned: No (on noop.in-addr.com); SAEximRunCond expanded to false Cc: freebsd-security@freebsd.org, "xenophon\\+freebsd" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 16:31:06 -0000 On Tue, Nov 20, 2012 at 11:26:42AM -0500, Eitan Adler wrote: > On 20 November 2012 04:54, xenophon\+freebsd > wrote: > >> As of now: > >> > >> - SVN is *the* source of truth. > > > > Would it be possible to publish FreeBSD's Subversion repository using > > HTTPS, instead of HTTP? > > %svn ls https://svn0.us-west.FreeBSD.org/base/ You will get a certificate warning. The certificates used do not appear to be officially signed by a recognised CA. The hashes of the certificate keys are on the mirror website I pointed out in my email Regards, Gary