Cryptographically enabled ports tree.
Colin Percival
colin.percival at wadham.ox.ac.uk
Mon Jun 23 03:04:32 PDT 2003
At 09:24 23/06/2003 +0200, William Fletcher wrote:
>No use signing if cvsup is a mess.
False. If the ports tree is signed, people can verify its integrity
regardless of how they obtain it.
>We need cvsup-ssl, Then, all the big security guys need to do
>is provide a public key for the cvsup-mirrors, which then get
>the public key for the big cvsup server, etc.
>
>That way, cvsup is secure, and we can trust it.
Not good enough. Cvsup-ssl would secure the cvsup process itself, but
it would not protect against a malicious or damaged cvsup mirror. We need
end-to-end signing -- the ports tree should be signed on freefall or
cvsup-master, and verified by the end users.
Colin Percival
More information about the freebsd-chat
mailing list