Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 28 Sep 2012 21:39:11 +0100
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        Ed Flecko <edflecko@gmail.com>
Cc:        freebsd-questions@FreeBSD.org
Subject:   Re: svn checkout "head" or "stable"
Message-ID:  <50660AEF.2010301@FreeBSD.org>
In-Reply-To: <CAFS4T6YzbqQuqiHmyQdNtmS9OW_Kyodx46wT5wYgCk2p1bF=Eg@mail.gmail.com>
References:  <CAFS4T6bMvrPFBECkT_dOZd4XWTAFt_-j62fO1C8YS8C38wpNXw@mail.gmail.com> <alpine.BSF.2.00.1209280014410.2700@mail.fig.ol.no> <CAFS4T6YPpZTRRjOVmSxE8L3D4w1SMFT4_W8GEJogUODRuwKmxw@mail.gmail.com> <alpine.BSF.2.00.1209280100460.2700@mail.fig.ol.no> <20120928102822.GD2389@kontrol.kode5.net> <alpine.BSF.2.00.1209281237010.2700@mail.fig.ol.no> <20120928115700.GE2389@kontrol.kode5.net> <CAFS4T6bxr%2BtZbMXF9Kr%2Bn%2BmRTZQuPtbtAK2QSHDwoy=pmnDOrg@mail.gmail.com> <CAHAXwYD%2BoohtWcYjeN%2BiHWfJonWaK7Jo1hcqtbMECM=AhAQ6sw@mail.gmail.com> <CAFS4T6YzbqQuqiHmyQdNtmS9OW_Kyodx46wT5wYgCk2p1bF=Eg@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigFF40796CB93DE82FDAE78BC9
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 28/09/2012 20:41, Ed Flecko wrote:
> David - I'd like to, but every time I try that it prompts me for a
> password...and I don't know what password it wants???

That would be the password to a freebsd.org account, which isn't going
to work for most people on two counts:

   * freebsd.org uses SSH keys for authentication, not passwords.

   * even if you've got a SSH key, not being a FreeBSD committer you
     probably don't have a freebsd.org account.

For anonymous access, you can use http or svn.  Given that anonymous
access is read-only, there's really not much to be gained from SSH or
other means of encrypting the connection, either for you, or for the
FreeBSD servers.  It's anonymous, so you don't care about
authentication.  FreeBSD sources are publicly available, so you don't
care about anyone eavesdropping on the traffic.  About the only thing
you're still exposed to is a man-in-the-middle attack, where someone
could pose as a FreeBSD server and feed you a trojanned set of sources
-- but then, you'ld still be exposed in exactly the same way even using
svn+ssh.  In practice, attacks of this type are very (pretty much
vanishingly) rare.  If they do concern you, then use portsnap(8) /
freebsd-update(8) which has specific cryptographic protection against
such things.  The portsnap and freebsd-update build systems also have
special access to the master FreeBSD repositories to minimize the
chances that they themselves could be fed trojanned sources.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey



--------------enigFF40796CB93DE82FDAE78BC9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBmCvcACgkQ8Mjk52CukIw94wCdFfY1TIHrPZvTZb1xb4KelM8u
G3IAnjl1Xf3m6EU6Z8V6BgkiEyg7AfmV
=+60g
-----END PGP SIGNATURE-----

--------------enigFF40796CB93DE82FDAE78BC9--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50660AEF.2010301>