Date: Fri, 10 Oct 2014 14:55:41 -0500 From: Mark Felder <feld@FreeBSD.org> To: freebsd-ports@freebsd.org Subject: Re: PKG not quite ready for prime time Message-ID: <1412970941.2397812.177601925.2135B6F5@webmail.messagingengine.com> In-Reply-To: <543837CF.9070607@FreeBSD.org> References: <sl4g3adpms8lkd2rr38n3666et8eptsp9i@4ax.com> <543817AA.8080305@gmx.de> <he6g3apojoln19fd9d8gr2rs0koq3a6940@4ax.com> <54381E16.9070609@FreeBSD.org> <1a8g3athvnun67c4kljhjtsjjlc30116j1@4ax.com> <543837CF.9070607@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Oct 10, 2014, at 14:47, Bryan Drewery wrote:
> On 10/10/2014 1:12 PM, scratch65535@att.net wrote:
> > On Fri, 10 Oct 2014 12:57:42 -0500, Brian Drewery wrote:
> >
> >> find /usr/share/keys/pkg -exec sha256 {} +
> >
> > No such file
>
> That's your problem. You are missing the signature fingerprints to
> compare against. As such Pkg is refusing to do anything to prevent MITM
> attacks.
>
> You are missing this:
> https://www.freebsd.org/security/advisories/FreeBSD-EN-14:03.pkg.asc
>
> freebsd-update can provide it.
>
>
Ahh, good point. This is better advice. Even if your system was
supposedly fully up to date freebsd-update would detect this is missing
and repair it as it was part of an SA. This is better advice than my
manual creation method :-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1412970941.2397812.177601925.2135B6F5>