Angelin Lalev wrote:
Greetings,

Which is the *secure* way of fetching FreeBSD sources? Cvsup looks prone to MiM attacks, CTM looks promising, but only if I have been a member of the appropriate ctm list since the release of 8.0 (it seems that the ctm deltas on the ftp are not signed). Do FreeBSD cvs servers support ssh instead of rsh access as OpenBSD servers do? Other alternatives?

Please note that this is not a theoretical question. I really have a system which I'll put in a place I don't trust, so I'll try to encrypt everything from the disk to the connections which I will use for updating.

You can use freebsd-update(8) to fetch system sources as well as binary updates. Updates are cryptographically secured -- whether this is enough for your application is a judgement call you will have to make.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
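
Added example, not part of either message and not FreeBSD project code: a pre-flight check that a freebsd-update.conf lists `src` under `Components` (so sources are fetched along with binary updates) and that a public key file hashes to the configured `KeyPrint`, the SHA-256 value that pins the signing key. `Components` and `KeyPrint` are the real configuration keywords; the function names and any sample inputs are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for a freebsd-update.conf-style file.
# Function names are hypothetical; Components/KeyPrint are real keywords.

# Print the value of a directive (commented-out lines never match).
conf_get() {  # conf_get FILE KEY
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Succeeds if "src" (or a src/... sub-component) is among Components.
fetches_src() {  # fetches_src FILE
    for c in $(conf_get "$1" Components); do
        case "$c" in src|src/*) return 0 ;; esac
    done
    return 1
}

# Succeeds if KeyPrint is a 64-digit hex string (a SHA-256 digest).
keyprint_wellformed() {  # keyprint_wellformed FILE
    kp=$(conf_get "$1" KeyPrint)
    [ ${#kp} -eq 64 ] || return 1
    case "$kp" in *[!0-9a-fA-F]*) return 1 ;; esac
    return 0
}

# SHA-256 of a file: sha256(1) on FreeBSD, sha256sum elsewhere.
sha256_of() {  # sha256_of FILE
    if command -v sha256 >/dev/null 2>&1; then sha256 -q "$1"
    else sha256sum "$1" | awk '{ print $1 }'; fi
}

# Succeeds only if the key file hashes to the pinned KeyPrint.
key_matches_keyprint() {  # key_matches_keyprint CONF KEYFILE
    [ "$(sha256_of "$2")" = "$(conf_get "$1" KeyPrint)" ]
}

# Run as: sh check.sh /etc/freebsd-update.conf KEYFILE
if [ $# -eq 2 ]; then
    fetches_src "$1" && echo "src: fetched" || echo "src: NOT in Components"
    keyprint_wellformed "$1" || echo "KeyPrint: malformed or missing"
    key_matches_keyprint "$1" "$2" && echo "key: matches KeyPrint" \
        || echo "key: MISMATCH"
fi
```

The pin is only as trustworthy as the channel the configuration file itself arrived over, so compare `KeyPrint` against a value obtained out of band before relying on it.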