Cryptographically enabled ports tree.
Colin Percival
colin.percival at wadham.ox.ac.uk
Sun Jun 22 00:46:51 PDT 2003
At 22:59 21/06/2003 -0700, David Schultz wrote:
>If you just want to know that the bits you have came from
>freebsd.org, that's another thing. The technology to do that
>already exists in cvsup, as long as you trust the mirrors. (Most
>of them probably don't use authentication right now, but that can
>be fixed, I'm sure, if enough people are concerned about it.)
Well, sort of. The authentication in cvsup relies upon starting with a
shared secret, which isn't an option for the general public.
>If your whole point is that you don't trust the mirrors, then maybe
>you have a case for signing deltas on the master...
Exactly. I might, grudgingly, be willing to trust the people who run
the cvsup mirrors -- although I'd really rather not -- but trusting the
security, physical and electronic, of the mirrors is quite a different matter.
Colin Percival
More information about the freebsd-chat
mailing list