PKG not quite ready for prime time
Bryan Drewery
bdrewery at FreeBSD.org
Fri Oct 10 19:47:41 UTC 2014
On 10/10/2014 1:12 PM, scratch65535 at att.net wrote:
> On Fri, 10 Oct 2014 12:57:42 -0500, Brian Drewery wrote:
>
>> find /usr/share/keys/pkg -exec sha256 {} +
>
> No such file
That's your problem. You are missing the signature fingerprints to
compare against. As such Pkg is refusing to do anything to prevent MITM
attacks.
You are missing this:
https://www.freebsd.org/security/advisories/FreeBSD-EN-14:03.pkg.asc
freebsd-update can provide it.
--
Regards,
Bryan Drewery
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20141010/c9c84b9f/attachment.sig>
More information about the freebsd-ports
mailing list