cosum: Checkout verification PoC
Vadim Goncharov
vadim_nuclight at mail.ru
Wed Nov 19 03:40:10 PST 2008
Hi Max Laier!
On Mon, 22 Sep 2008 22:33:25 +0200; Max Laier wrote about 'cosum: Checkout verification PoC':
> the attached script will generate md5 and sha256 checksums of a checkout and
> try to find the corresponding svn-revision. This can help to verify that your
> checkout from cvsupX.yy.freebsd.org is authentic. Not that there is reason to
> believe that we have compromised cvsup-servers. This is just something I've
> been toying with and wanted to let you know to see if people find the idea
> interesting. I'd also be interested in reviews of the concept (note that I
> know that https would be a good idea, I just cba to set up a certificate).
>
> The coverage currently is head and stable/{6,7} svn revision 179451:183186
> (i.e. since the first svn commit up to "2008-09-19 16:51:41 +0200"). I don't
> yet have a cronjob in place to generate new checksums, so this will become
> less useful quickly. If people do find it interesting, however, I could
> certainly roll something.
>
> As you can see, the script is ready to checksum cvs and svn checkouts. If you
> obtain your checkout from some local git/hg/svk/... mirror you must modify the
> find excludes accordingly.
>
> Let me know what you think.
This is a good solution for our users who care about security. I think this
definitely should be incorporated into the base system, and server-side support
should be provided at freebsd.org on an official basis.
--
WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight at mail.ru
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
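
An added sketch of the check described in the quoted message (not Max Laier's attached script, which is not reproduced on this page): hash every file of a checkout while skipping VCS metadata directories, then look the md5/sha256 pair up in a published table. The digest framing, the `VCS_DIRS` set, the function names and the `rNNNNNN` label are assumptions made for this example.

```python
import hashlib
import os
import tempfile
from pathlib import Path

VCS_DIRS = {".svn", "CVS", ".git", ".hg"}  # assumed exclude set, extend as needed

def tree_digest(root, algo="sha256"):
    """Hex digest over the path and content of every file under root."""
    entries = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in VCS_DIRS]  # prune metadata
        # Symlinked directories are hashed as links; os.walk does not enter them.
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        for name in filenames + links:
            full = os.path.join(dirpath, name)
            entries.append((os.path.relpath(full, root).replace(os.sep, "/"), full))
    outer = hashlib.new(algo)
    for rel, full in sorted(entries):
        link = os.path.islink(full)
        inner = hashlib.new(algo)
        inner.update(b"L" + os.fsencode(os.readlink(full)) if link else b"F")
        if not link:
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    inner.update(chunk)
        # NUL cannot appear in a path, so path and hash cannot run together.
        outer.update(os.fsencode(rel) + b"\0" + inner.hexdigest().encode() + b"\n")
    return outer.hexdigest()

def find_revision(root, published):
    """Return the revision whose (md5, sha256) pair matches root, else None."""
    got = (tree_digest(root, "md5"), tree_digest(root, "sha256"))
    return next((rev for rev, pair in published.items() if pair == got), None)

def demo():
    """Constructed tree and placeholder revision label (not real FreeBSD data)."""
    with tempfile.TemporaryDirectory() as root:
        src = Path(root, "sys", "param.h")
        meta = Path(root, "sys", ".svn", "entries")
        meta.parent.mkdir(parents=True)
        src.write_text("#define X 1\n")
        meta.write_text("rev\n")
        published = {"rNNNNNN": (tree_digest(root, "md5"), tree_digest(root))}
        results = [find_revision(root, published)]  # untouched checkout
        meta.write_text("changed locally\n")
        results.append(find_revision(root, published))  # metadata is ignored
        src.write_text("#define X 2\n")
        results.append(find_revision(root, published))  # source change: no match
    return results
```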