Foiling MITM attacks on source and ports trees

[Wojciech Puchar]

>> other ways to compromise Your systems.
>>
>> if one really care then make your VPN for all your computers, use one that
>> is unknown for others to download portsnap etc. and then use rsync to
>> populate it to other machines.
>
> I'm already getting the files from one location and disseminate
> them via rsync-over-SSH-over-VPNs to the server farms. But the
> problem is the initial download from a cvsup mirror. That's the
> one I'm really concerned with.

just use widely-"unknown" computer like your private, even better - 
something that have dynamic IP :)