Date: Wed, 31 Jan 2007 15:41:42 -0800
From: Colin Percival <cperciva@freebsd.org>
To: Peter Jeremy <peterjeremy@optushome.com.au>
Cc: cvs-ports@FreeBSD.org, Gabor Kovesdan <gabor@FreeBSD.org>, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/audio/gnump3d Makefile distinfo ports/devel/bglibs Makefile ports/devel/cppi Makefile ports/devel/cvsd Makefile ports/dns/walker Makefile distinfo ports/ftp/lftp Makefile distinfo ports/ftp/twoftpd Makefile ...
Message-ID: <45C12936.4050004@freebsd.org>
In-Reply-To: <20070130182032.GD892@turion.vk2pj.dyndns.org>
References: <200701291905.l0TJ57fG093002@repoman.freebsd.org> <20070130182032.GD892@turion.vk2pj.dyndns.org>
I replied to some people about this privately, but since it's still being
discussed on the list...

Peter Jeremy wrote:
> On Mon, 2007-Jan-29 19:05:07 +0000, Gabor Kovesdan wrote:
>> Our MD5 and SHA256 are good for checking both the sanity and the
>> trustiness of distfiles.
>
> Except that the MD5 and SHA256 checksums can't be totally trusted.
> There are a variety of MITM attacks which could allow someone to alter
> checksums stored on an end-user host. I think it's unfortunate that
> the security team was not involved in this decision.

Short answer: I wasn't involved in the discussion before this option was
removed, but I agree with its removal.

Long answer: I can't think of any circumstances where an attacker who could
play games with the distinfo files would not also be able to play games with
the Makefile logic -- i.e., USE_GPG protects against precisely zero attackers.
The correct place for GPG to be used is to make sure that ports committers
are committing the correct distinfo files in the first place, and this wasn't
what USE_GPG did (or would have done if it had ever been committed, which it
wasn't).

Colin Percival
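The trust-boundary argument in the message above can be made concrete with a small distinfo verifier. The following is an added example, not code from the thread or from the FreeBSD ports tree; it assumes the `ALGO (filename) = value` line format of ports distinfo files with `SHA256`, `MD5` and `SIZE` entries, and the distfile contents and distinfo text it checks are constructed inline. The three cases in `demo()` show what the checksum does and does not buy: a distfile altered on its own is caught, but an attacker who can rewrite distinfo alongside it (the same access that lets them rewrite the Makefile) produces a pair that verifies cleanly, which is why the check has to happen where distinfo is authored and committed, not on the end-user host.

```python
"""Verify a distfile against a FreeBSD-ports-style distinfo file.

Assumed distinfo line format (as used by the ports tree):
    SHA256 (foo-1.0.tar.gz) = <hex digest>
    MD5 (foo-1.0.tar.gz) = <hex digest>
    SIZE (foo-1.0.tar.gz) = <byte count>
"""
import hashlib
import re

# One entry per line: algorithm, distfile name in parentheses, value.
DISTINFO_LINE = re.compile(r"^(SHA256|MD5|SIZE) \((.+)\) = (\S+)$")

HASHERS = {"SHA256": hashlib.sha256, "MD5": hashlib.md5}


def parse_distinfo(text):
    """Return {distfile name: {algorithm: value}} for every line in text."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = DISTINFO_LINE.match(line)
        if match is None:
            raise ValueError(f"unparseable distinfo line: {line!r}")
        algo, name, value = match.groups()
        entries.setdefault(name, {})[algo] = value
    return entries


def make_distinfo(name, data):
    """Produce the distinfo text a committer would record for data."""
    return (
        f"SHA256 ({name}) = {hashlib.sha256(data).hexdigest()}\n"
        f"MD5 ({name}) = {hashlib.md5(data).hexdigest()}\n"
        f"SIZE ({name}) = {len(data)}\n"
    )


def verify_distfile(name, data, distinfo_text):
    """Check data against every entry recorded for name.

    Returns (ok, reason). Size is checked first because it is cheap and
    rules out truncated or padded downloads before any hashing is done.
    """
    entries = parse_distinfo(distinfo_text)
    if name not in entries:
        return False, "no distinfo entry for distfile"
    expected = entries[name]
    if "SIZE" in expected and int(expected["SIZE"]) != len(data):
        return False, "size mismatch"
    for algo, hasher in HASHERS.items():
        if algo in expected and hasher(data).hexdigest() != expected[algo].lower():
            return False, f"{algo} mismatch"
    if not any(algo in expected for algo in HASHERS):
        return False, "no checksum recorded, only size"
    return True, "ok"


# Constructed sample distfile and the distinfo a committer would write for it.
DISTFILE_NAME = "example-1.0.tar.gz"
GOOD_DATA = b"\x1f\x8b" + b"constructed fake tarball payload" * 8
GOOD_DISTINFO = make_distinfo(DISTFILE_NAME, GOOD_DATA)


def demo():
    """Three scenarios; returns {scenario: verification result}."""
    tampered = GOOD_DATA + b"\x00unwanted extra bytes"
    return {
        # Untouched distfile, committer's distinfo: passes.
        "genuine": verify_distfile(DISTFILE_NAME, GOOD_DATA, GOOD_DISTINFO)[0],
        # Distfile altered in transit, distinfo untouched: caught.
        "tampered_distfile_only": verify_distfile(
            DISTFILE_NAME, tampered, GOOD_DISTINFO)[0],
        # Attacker rewrote distinfo to match the altered distfile: passes,
        # because the checksum and the thing it checks share one trust domain.
        "tampered_both": verify_distfile(
            DISTFILE_NAME, tampered, make_distinfo(DISTFILE_NAME, tampered))[0],
    }


if __name__ == "__main__":
    for scenario, ok in demo().items():
        print(f"{scenario:>24}: {'verified' if ok else 'REJECTED'}")
```

The `tampered_both` case is the one the message is about: no amount of hashing on the consumer side distinguishes a committer's distinfo from an attacker's, so the signature that matters is the one that binds the committed distinfo to the committer.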
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45C12936.4050004>