Date: Tue, 11 Feb 2014 08:41:24 +0100 (CET)
From: Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>
To: "C. P. Ghost" <cpghost@cordula.ws>
Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: Verifying a subversion checkout
Message-ID: <alpine.BSF.2.00.1402110834090.90985@mail.fig.ol.no>
In-Reply-To: <CADGWnjUgW%2BORTn=aRE4R-i3NA-1EQS6Oq%2BkXG9vVb_trHwy9vA@mail.gmail.com>
References: <CADGWnjUgW%2BORTn=aRE4R-i3NA-1EQS6Oq%2BkXG9vVb_trHwy9vA@mail.gmail.com>

On Tue, 11 Feb 2014 08:26+0100, C. P. Ghost wrote:

> Hello,
>
> is there a way to automatically verify that the checkout
> of a random subversion revision of /usr/src hasn't been
> tampered with?
>
> I'm worried about the possibility of
> 1/ an MitM attack while fetching the sources

HTTPS would be the best option, compared to pure SVN and HTTP access.

> 2/ changes to the local /usr/src for whatever reasons

Look into the svn status command. See svn --help status for all
possible options.

Otherwise, a complete new checkout would hopefully eliminate any
wrongdoing.

Protecting, handholding and keeping your own local svn mirror updated
might be another option.

> 2/ isn't so critical; there's always the possibility to check
> them from another machine, provided checksums were
> created immediately after the svn update. It's 1/ that's
> bothering me.
>
> Or, asked differently, does SVN protocol support some
> kind of authentication that thwarts man-in-the-middle
> attacks?
>
> Of course, at release points, we always have checksums
> for the ISO images. That's security-wise the only point
> where I'm sure that I'm running from genuine sources.
> It's what's in-between releases that I'm asking about.
>
> Thanks,
> -cpghost.

-- 
+-------------------------------+------------------------------------+
| Vennlig hilsen,               | Best regards,                      |
| Trond Endrestøl,              | Trond Endrestøl,                   |
| IT-ansvarlig,                 | System administrator,              |
| Fagskolen Innlandet,          | Gjøvik Technical College, Norway,  |
| tlf. mob. 952 62 567,         | Cellular...: +47 952 62 567,       |
| sentralbord 61 14 54 00.      | Switchboard: +47 61 14 54 00.      |
+-------------------------------+------------------------------------+
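
The checksum approach mentioned under point 2/, as an added example that is not part of the original message: a manifest is recorded right after svn update and compared later, possibly from another machine. The function names and paths are constructed for illustration, and it assumes sha256sum (GNU) or sha256 (FreeBSD) is installed; the manifest only records the tree as it was fetched, so it addresses 2/, not 1/.

```sh
#!/bin/sh
# Added example, not from the original message; helper names are constructed.
# Assumption: sha256sum (GNU) or sha256 (FreeBSD base) is available.

# Print the SHA-256 hex digest of one file.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"
    fi
}

# Print "digest  ./relative/path" for every regular file under tree $1,
# skipping Subversion's .svn metadata. Paths with newlines are not supported.
make_manifest() (
    cd "$1" || exit 1
    find . -name .svn -prune -o -type f -print | LC_ALL=C sort |
    while IFS= read -r f; do
        printf '%s  %s\n' "$(hash_file "$f")" "$f"
    done
)

# Compare trusted manifest $1 with fresh manifest $2.
# Prints one line per difference; returns 1 if the trees differ.
compare_manifests() {
    awk '
        !second { old[substr($0, 67)] = $1; next }   # 64 hex chars + 2 spaces
        {
            p = substr($0, 67)
            if (!(p in old))       { print "ADDED    " p; bad = 1 }
            else if (old[p] != $1) { print "MODIFIED " p; bad = 1 }
            delete old[p]
        }
        END {
            for (p in old) { print "REMOVED  " p; bad = 1 }
            exit bad + 0
        }
    ' "$1" second=1 "$2"
}

# Usage (paths are placeholders):
#   make_manifest /usr/src > /safe/place/src.manifest    # right after svn update
#   make_manifest /usr/src > /tmp/now.manifest           # later
#   compare_manifests /safe/place/src.manifest /tmp/now.manifest
```

Keep the trusted manifest somewhere the checked machine cannot write to, otherwise a change to the tree can be hidden by changing the manifest as well.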