FreeBSD needs Git to ensure repo integrity [was: 2012 incident]
Peter Jeremy
peter at rulingia.com
Wed Nov 21 03:20:10 UTC 2012
On 2012-Nov-20 11:30:59 -0500, Gary Palmer <gpalmer at freebsd.org> wrote:
>On Tue, Nov 20, 2012 at 11:26:42AM -0500, Eitan Adler wrote:
>> On 20 November 2012 04:54, xenophon+freebsd
>> <xenophon+freebsd at irtnog.org> wrote:
>> >> As of now:
>> >>
>> >> - SVN is *the* source of truth.
>> >
>> > Would it be possible to publish FreeBSD's Subversion repository using
>> > HTTPS, instead of HTTP?
>>
>> %svn ls https://svn0.us-west.FreeBSD.org/base/
>
>You will get a certificate warning. The certificates used do not
>appear to be officially signed by a recognised CA. The hashes of the
>certificate keys are on the mirror website I pointed out in my email
The certificates are self-signed. Whilst the hashes are published on
the FreeBSD website, that site is only available via HTTP so there's
still a bootstrap issue - which I don't have a general solution for.
--
Peter Jeremy