Cryptographically enabled ports tree.
Paul Robinson
paul at iconoplex.co.uk
Mon Jun 23 07:42:17 PDT 2003
On Mon, Jun 23, 2003 at 04:20:59PM +0200, William Fletcher wrote:
> All I really want, is to know that my /usr/src and /usr/ports
> aren't screwed up, can't be trojaned by somebody on my local lan.
But you don't mind them being trojanned by somebody with cvs commit bit on
the CVS servers that your ports and /usr/src come from?
> I don't trust local networks, especially ones with all sorts of
> clowns running all sorts of installations.
You don't trust your local network, but you do trust the rest of the
Internet? I want to meet you. You're funny.
You're worse than the guy I know whose Solaris boxes keep getting rooted and
he just re-installs the original OS without patching because "they'll get in
eventually anyway".
Crypto-signing ports and packages does not solve the problem you want to
solve. It just creates a sense of false security. If you are paranoid,
inspect source before running make. If you don't want to, accept you have to
trust the site it came from. If you can't inspect the source and you can't
trust the site, either don't run the code, expect to be 0wned one day, or
delete your FreeBSD partition and buy all your software from an approved
Microsoft reseller[1].
Personally, I trust occasional inspections over code, watching the output of
the cvs grab in the daily run, and trusting the sites I got it from. If they
were crypto-signed I would:
- not see ports being upgraded so quickly
- be trusting somebody I don't know anyway who is just the passphrase holder
for a key belonging to a project made up of volunteers who created a signing
authority that doesn't actually exist as a legal entity (Lord Archer has
more credibility than that)
- expect more ports to fail to build
- expect more porters to ask "wtf is the point? I'll just keep it on Linux
because it's easy and I'm lazy"
- realise that I have approximately 0% more security for 10% more effort on
the porters' part
This is soooooo bikeshed it makes my installer thread from last week look
critical to the project's success... which obviously it isn't[2] to anybody
but me. :-))
--
Paul Robinson
[1] It goes without saying, this is not sensible advice. I was being ironic.
Buying your software from an approved MS reseller is the quickest way to
your machine being ripped apart by 14-year-olds in California I know. With
the exception of 2003 Server, which seems fine. To me.
[2] ... yet :-)
More information about the freebsd-chat
mailing list