Do you still need CTM?
Roman Kurakin
rik at inse.ru
Fri Aug 21 00:52:27 UTC 2015
Hi,
On 08/20/2015 03:59 PM, Helge Oldach wrote:
> Hi,
>
> (Sorry for the noise.)
>
> Julian H. Stacey wrote on Thu, 20 Aug 2015 14:01:03 +0200 (CEST):
>> If an axer asserts
>> there's a security issue, original author phk@ may be interested.
>> <ctm-users at freebsd.org> may also be interested to fix it, but
>> axe propenet has Not provided us detail.
> I suspects it's related to a potential MITM threat: Both freebsd-update as well as svn deliver mechanisms to detect such attacks and refuse to update. CTM doesn't - actually it's fairly easy to tamper with deltas shipped by unencrypted e-mail. (No, md5 sums don't help.)
So, signing emails would be enough?
Best regards,
rik
> [...]
>
> Regards,
> Helge
> _______________________________________________
> ctm-users at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/ctm-users
> To unsubscribe, send any mail to "ctm-users-unsubscribe at freebsd.org"
More information about the ctm-users
mailing list