Date:      Mon, 23 Jun 2003 15:42:28 +0100
From:      Paul Robinson <paul@iconoplex.co.uk>
To:        chat@freebsd.org
Subject:   Re: Cryptographically enabled ports tree.
Message-ID:  <20030623144228.GB34365@iconoplex.co.uk>
In-Reply-To: <20030623142058.GF24407@tulip.epweb.co.za>
References:  <20030621163835.GA18653@tulip.epweb.co.za> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> <20030621175414.GC18653@tulip.epweb.co.za> <3EF70AEA.9FAC92A9@mindspring.com> <20030623142058.GF24407@tulip.epweb.co.za>

On Mon, Jun 23, 2003 at 04:20:59PM +0200, William Fletcher wrote:

> All I really want, is to know that my /usr/src and /usr/ports
> aren't screwed up, can't be trojaned by somebody on my local lan.

But you don't mind them being trojanned by somebody with cvs commit bit on
the CVS servers that your ports and /usr/src come from?

> I don't trust local networks, especially ones with all sorts of
> clowns running all sorts of installations.

You don't trust your local network, but you do trust the rest of the
Internet? I want to meet you. You're funny.

You're worse than the guy I know whose Solaris boxes keep getting rooted and
he just re-installs the original OS without patching because "they'll get in
eventually anyway".

Crypto-signing ports and packages does not solve the problem you want to
solve. It just creates a sense of false security. If you are paranoid,
inspect source before running make. If you don't want to, accept you have to
trust the site it came from. If you can't inspect the source and you can't
trust the site, either don't run the code, expect to be 0wned one day, or
delete your FreeBSD partition and buy all your software from an approved
Microsoft reseller[1].

Personally, I trust occasional inspections over code, watching the output of
the cvs grab in the daily run, and trusting the sites I got it from. If they
were crypto-signed I would:

- not see ports being upgraded so quickly
- be trusting somebody I don't know anyway who is just the passphrase holder
for a key belonging to a project made up of volunteers who created a signing
authority that doesn't actually exist as a legal entity (Lord Archer has
more credibility than that)
- expect more ports to fail to build
- expect more porters to ask "wtf is the point? I'll just keep it on Linux
because it's easy and I'm lazy"
- realise that I have approximately 0% more security for 10% more effort on
the porters' part

This is soooooo bikeshed it makes my installer thread from last week look
critical to the project's success... which obviously it isn't[2] to anybody
but me. :-))

-- 
Paul Robinson

[1] It goes without saying, this is not sensible advice. I was being ironic.
Buying your software from an approved MS reseller is the quickest way to
your machine being ripped apart by 14-year olds in California I know. With
the exception of 2003 Server, which seems fine. To me.

[2] ... yet :-)
