From owner-freebsd-security@FreeBSD.ORG  Tue Nov 29 21:00:06 2005
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4F88B16A43C
	for <freebsd-security@freebsd.org>;
	Tue, 29 Nov 2005 21:00:06 +0000 (GMT)
	(envelope-from cperciva@freebsd.org)
Received: from pd2mo1so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net
	[24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9786F43D80
	for <freebsd-security@freebsd.org>;
	Tue, 29 Nov 2005 20:58:36 +0000 (GMT)
	(envelope-from cperciva@freebsd.org)
Received: from pd4mr7so.prod.shaw.ca (pd4mr7so-qfe3.prod.shaw.ca [10.0.141.84])
	by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15
	2004)) with ESMTP id <0IQQ005F0I947T80@l-daemon> for
	freebsd-security@freebsd.org; Tue, 29 Nov 2005 13:58:16 -0700 (MST)
Received: from pn2ml3so.prod.shaw.ca ([10.0.121.147])
	by pd4mr7so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01
	(built Mar
	15 2004)) with ESMTP id <0IQQ007HFI946U00@pd4mr7so.prod.shaw.ca> for
	freebsd-security@freebsd.org; Tue, 29 Nov 2005 13:58:16 -0700 (MST)
Received: from [192.168.0.60] ([24.87.209.6])
	by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15
	2004)) with ESMTP id <0IQQ00L2TI937PE0@l-daemon> for
	freebsd-security@freebsd.org; Tue, 29 Nov 2005 13:58:16 -0700 (MST)
Date: Tue, 29 Nov 2005 12:58:15 -0800
From: Colin Percival <cperciva@freebsd.org>
In-reply-to: <000201c5f526$5a000400$e403000a@rickderringer>
To: aristeu <suporte@wahtec.com.br>
Message-id: <438CC0E7.9020409@freebsd.org>
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 7bit
X-Accept-Language: en-us, en
X-Enigmail-Version: 0.93.0.0
References: <000201c5f526$5a000400$e403000a@rickderringer>
User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051001)
Cc: freebsd-security@freebsd.org
Subject: Re: Reflections on Trusting Trust
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Nov 2005 21:00:06 -0000

aristeu wrote:
>> Can you explain what you mean here.  Virtually all distfiles needed to
>> build a port have MD5 and maybe SHA-256 hashes embedded in the ports
>> tree.  The only way to easily circumvent these is to subvert the ports
>> tree - which gets back to the issue of trusting the FreeBSD distribution.
>> I agree that there's currently no integrity checking on packages.
>> (And, BTW, tar has no integrity checks).
> 
> Anyone who is between you and freebsd cvsup server can make his own ports
> tree repository. That being done, he just need to redirect your connection
> and wait 'til your next cvsup sync is done.

This is why I wrote portsnap.

Colin Percival