FreeBSD needs Git to ensure repo integrity [was: 2012 incident]
Matthew Seaman
matthew at FreeBSD.org
Wed Nov 21 06:18:39 UTC 2012
On 21/11/2012 03:37, Mark Andrews wrote:
>> The certificates are self-signed. Whilst the hashes are published on
>> > the FreeBSD website, that site is only available via HTTP so there's
>> > still a bootstrap issue - which I don't have a general solution for.
> See DANE, RFC 6698.
Which means getting the FreeBSD.org domain signed using DNSSEC.
Something I'd be very happy to see.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 266 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20121121/7e3fc09a/attachment.sig>
More information about the freebsd-security
mailing list