https://svn0.eu.freebsd.org self signed Cert
Florian Heigl
florian.heigl at gmail.com
Wed Jan 14 21:36:58 UTC 2015
Hi,
I wonder if this has been brought up before, but I didn’t see anything about it.
The EU SVN mirror is running a self-signed cert, while the US one is running with a publicly accepted cert.
The documentation has the fingerprint for the certificate; it can be found at:
https://www.freebsd.org/doc/handbook/svn.html
Honestly it would be a lot easier to simply use a valid and public certificate for each of the SVN mirrors.
By now we should all have learned that any, really any slight chance of attack is being abused.
With a self-signed cert we offload the problem to all users to actually verify the cert each time they do a fresh checkout.
Even better, with a self-signed cert we won’t have any CRL support, right? Or is there a CRL provided for them?
(Disclaimer, mostly this depends on that feature “ever” being added to SVN anyway)
I hope this plea reaches the right set of eyes for consideration.
Since the SVN page asks to send any questions to -questions instead of mirrors/infra, I’m sending it here.
tl;dr
Please: ditch any self-signed certs from FreeBSD source and build infra chain.
More information about the freebsd-questions mailing list