From owner-freebsd-chat@FreeBSD.ORG Sat Jun 21 10:54:10 2003 Return-Path: Delivered-To: freebsd-chat@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2331C37B404 for ; Sat, 21 Jun 2003 10:54:10 -0700 (PDT) Received: from tulip.epweb.co.za (tulip.epweb.co.za [196.14.166.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1A81A43F3F for ; Sat, 21 Jun 2003 10:54:07 -0700 (PDT) (envelope-from ultraviolet@tulip.epweb.co.za) Received: from tulip.epweb.co.za (localhost.epweb.co.za [127.0.0.1]) by tulip.epweb.co.za (8.12.9/8.12.9) with ESMTP id h5LHsKvD019098 for ; Sat, 21 Jun 2003 19:54:20 +0200 (SAST) (envelope-from ultraviolet@tulip.epweb.co.za) Received: (from ultraviolet@localhost) by tulip.epweb.co.za (8.12.9/8.12.9/Submit) id h5LHsESD019097 for chat@freebsd.org; Sat, 21 Jun 2003 19:54:14 +0200 (SAST) Date: Sat, 21 Jun 2003 19:54:14 +0200 From: William Fletcher To: chat@freebsd.org Message-ID: <20030621175414.GC18653@tulip.epweb.co.za> References: <20030621163835.GA18653@tulip.epweb.co.za> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="/Uq4LBwYP4y1W6pO" Content-Disposition: inline In-Reply-To: <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> User-Agent: Mutt/1.4i Subject: Re: Cryptographically enabled ports tree. X-BeenThere: freebsd-chat@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: ultraviolet@epweb.co.za List-Id: Non technical items related to the community List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Jun 2003 17:54:10 -0000 --/Uq4LBwYP4y1W6pO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > At 18:38 21/06/2003 +0200, William Fletcher wrote: > >What I'm wondering about, is when FreeBSD is going to get > >get a cryptographically signed ports tree system setup. > > > >It isn't a must, I was just wondering other peoples opinions about this. >=20 > I've been thinking about this for a while; unfortunately I have neither= =20 > the time to implement this right now, nor enough familiarity with CVS to= =20 > make it work automagically. > If nothing happens before September, I'll probably corner some people a= t=20 > BSDCon to talk about this. >=20 > Colin Percival One other thing while I'm at making a clown of myself. Wouldn't it be an absolute joke if someone rooted a redhat box on your network, dns poisoned for cvsup.*.freebsd.org and promptly=20 found a way to create a cvsup-mirror on another machine with modified source.=20 They could then trojan /usr/src and /usr/ports and probably gain root on all your machines running FreeBSD, quick and easy.=20 Just wanted the general publics opinion of that too. Anyway, home time, expect interesting responses on monday morning. (Will sign up to security-general again). PS. Some people work for companies which inflict redhat on them. :/ =20 --=20 William Fletcher (ultraviolet) Powered by http://www.FreeBSD.org/ IT Administrator, EPWeb networks. =20 http://www.epweb.co.za/ =20 Tel: +27 (041) 395 6800 =20 Fax: +27 (041) 395 6818=09 Support: support@epweb.co.za --/Uq4LBwYP4y1W6pO Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+9JvGju3fq0dMPxsRAkSoAJsFLZtne1SkaOoF6cEVQVe+uE9M0gCfQRTb 9GFZt5MBDpjFwikWTks9+Ic= =NLzk -----END PGP SIGNATURE----- --/Uq4LBwYP4y1W6pO--