Cryptographic signatures of installer sets
Nathan Dorfman
ndorf at rtfm.net
Sat Feb 15 19:27:05 UTC 2020
On Wed, Feb 12, 2020 at 03:22:21PM +0000, Glen Barber wrote:
> > Have you considered the possibility of simply publishing a detached
> > signature with every MANIFEST, in a similar manner to what is done for
> > the installer images?
> >
>
> I have not, as a change to the misc/freebsd-release-manifests port will
> generate an email (or at minimum, a change in the repository), which
> would be a red flag for nefarious behavior.
Gotcha. So it sounds like your solution is the best path forward.
Looking forward to seeing your patch!
-nd.
More information about the freebsd-security
mailing list