Secure method for fetching FreeBSD sources?

Matthew Seaman m.seaman at
Sat Jan 16 20:05:40 UTC 2010

Angelin Lalev wrote:
> Greetings,
> Which is the *secure* way of fetching FreeBSD sources?
> Cvsup looks prone to MiM attacks, CTM looks promising, but only if I
> have been a member of the appropriate ctm list since the release of 8.0.
> (It seems that the ctm deltas on the ftp are not signed.)
> Do FreeBSD cvs servers support ssh instead of rsh access as OpenBSD servers do?
> Other alternatives?
> Please note that this is not a theoretical question. I really have a
> system which I'll put in a place I don't trust, so I'll try to encrypt
> everything from the disk to the connections which I will use for
> updating.

You can use freebsd-update(8) to fetch system sources as well as binary
updates.  Updates are cryptographically secured -- whether this is enough
for your application is a judgement call you will have to make.



Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP:     Ramsgate
                                                  Kent, CT11 9PW

More information about the freebsd-questions mailing list