Secure updating of OS and ports
Colin Percival
colin.percival at wadham.ox.ac.uk
Mon Nov 17 09:44:15 PST 2003
At 06:02 17/11/2003 -0800, Carol Overes wrote:
>I'm thinking of updating kernel and binaries with
>patches form ftp.freebsd.org which are siganed with
>the PGP key of the security officers. However, this
>has to be hand-made patching. Does anyone know a
>secure way via for example cvsup ?
CVSup is insecure. FreeBSD Update might do what you want, but you'd
have to trust me. :)
>Also, I'm looking for a secure way to update ports
>applications. How can I check that patches for ports
>doesn't contain any trojans for example, or are coming
>from the original source.
There isn't any way to update the ports tree securely. I'd like to fix
this, but at the moment I need to give priority to my DPhil work, so it
probably isn't going to happen in the near future.
Colin Percival
More information about the freebsd-stable
mailing list