On Fri, Jan 2, 2009 at 10:44 AM, cpghost <[email protected]> wrote: > Hello, > > with MITM attacks [1] on the rise, I'm concerned about the integrity > of local /usr/src, /usr/doc, and /usr/ports trees fetched through csup > (and portsnap) from master or mirror servers. > > [1] http://en.wikipedia.org/wiki/Man-in-the-middle_attack > > There's already a small protection against MITM on the distfiles in > ports: distinfo contain md5 and sha256 digests. This is an excellent > idea that could be extended to *all* files in /usr/src, /usr/doc, and > /usr/ports. > Something like this was discussed back in September: http://lists.freebsd.org/pipermail/freebsd-hackers/2008-September/026052.html
I haven't tried Max's script yet, but it looks like it should do at least some of what you're looking for. Matt _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[email protected]"
