cvs commit: ports/audio/gnump3d Makefile distinfo ports/devel/bglibs Makefile ports/devel/cppi Makefile ports/devel/cvsd Makefile ports/dns/walker Makefile distinfo ports/ftp/lftp Makefile distinfo ports/ftp/twoftpd Makefile ...

Peter Jeremy peterjeremy at optushome.com.au
Tue Jan 30 18:20:35 UTC 2007


On Mon, 2007-Jan-29 19:05:07 +0000, Gabor Kovesdan wrote:
>  Remove USE_GPG from all affected ports.

This sounds like it could have been useful.  FreeBSD is currently sorely
missing a good general authentication mechanism (though cperciva@ is
doing his best to create bits of one).

>  was supposed to work is useless, because if we can't trust the distfile from
>  the remote machine, we can't trust the signature from the same machine either.

This isn't true.  If you have a known good public key, then you can
trust the signature (and hence the distfile), even if both are
downloaded from crackers-r-us.  The whole point of digital signatures
is that you can obtain information from an untrusted source (e.g. the
Internet) and be able to determine if it has been tampered with.

>  Our MD5 and SHA256 are good for checking both the sanity and the
>  trustiness of distfiles.

Except that the MD5 and SHA256 checksums can't be totally trusted.
There are a variety of MITM attacks which could allow someone to alter
checksums stored on end-user hosts.  I think it's unfortunate that
the security team was not involved in this decision.

-- 
Peter Jeremy
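
The contrast argued in the message above, as an added example that is not part of the original post or of the ports tree: a checksum that travels over the same channel as the distfile still matches after tampering, while a signature checked against a public key obtained out of band does not verify. Assumptions: Ed25519 from the Go standard library stands in for GPG, the `Mirror` type and all file contents are constructed, and the tamperer controls every byte delivered except the pinned public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Mirror models everything delivered over one untrusted channel (constructed).
type Mirror struct {
	Distfile []byte
	Checksum [32]byte // SHA-256 delivered alongside the distfile
	Sig      []byte   // detached signature delivered alongside the distfile
}

// checksumOK compares the distfile with the checksum from the same channel.
func checksumOK(m Mirror) bool {
	return sha256.Sum256(m.Distfile) == m.Checksum
}

// signatureOK verifies against a public key that was obtained out of band.
func signatureOK(pinned ed25519.PublicKey, m Mirror) bool {
	return ed25519.Verify(pinned, m.Distfile, m.Sig)
}

// scenario returns both checks for an honest mirror and a tampering one.
func scenario() (honestSum, honestSig, evilSum, evilSig bool) {
	pub, priv, err := ed25519.GenerateKey(nil) // upstream author's key pair
	if err != nil {
		panic(err)
	}
	good := []byte("constructed distfile contents v1.0")
	honest := Mirror{Distfile: good, Checksum: sha256.Sum256(good), Sig: ed25519.Sign(priv, good)}
	// The tamperer replaces the file, recomputes the checksum, and signs with
	// its own key because it does not hold the author's private key.
	_, evilPriv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	bad := []byte("constructed distfile contents v1.0 plus a modification")
	evil := Mirror{Distfile: bad, Checksum: sha256.Sum256(bad), Sig: ed25519.Sign(evilPriv, bad)}
	return checksumOK(honest), signatureOK(pub, honest), checksumOK(evil), signatureOK(pub, evil)
}

func main() {
	hs, hg, es, eg := scenario()
	fmt.Printf("honest: checksum=%v signature=%v\ntampered: checksum=%v signature=%v\n", hs, hg, es, eg)
}
```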