Secure method for fetching freebsd sources ?
Matthew Seaman
m.seaman at infracaninophile.co.uk
Sat Jan 16 20:05:40 UTC 2010
Angelin Lalev wrote:
> Greetings,
>
> Which is the *secure* way of fetching freebsd sources?
> Cvsup looks prone to MiM attacks, CTM looks promising, but only if I
> have been member of the appropriate ctm list since the release of 8.0.
> (it seems that the ctm deltas on the ftp are not signed.).
> Do FreeBSD cvs servers support ssh instead of rsh access as OpenBSD server do?
> Other alternatives?
>
> Please note that this is not a theoretical question. I really have a
> system which i'll put in a place I don't trust, so I'll try to encrypt
> everything from the disk to the connections which I will use for
> updating.
You can use freebsd-update(8) to fetch system sources as well as binary
updates. Updates are cryptographically secured -- whether this is enough
for your application is a judgement call you will have to make.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20100116/d1dbdf8c/signature.pgp
More information about the freebsd-questions
mailing list