On 10 December 2017 at 19:02, John-Mark Gurney <[email protected]> wrote:
> Igor Mozolevsky wrote this message on Sun, Dec 10, 2017 at 17:39 +0000: > > On 10 December 2017 at 17:32, John-Mark Gurney <[email protected]> wrote: > > > > <snip> > > > > > The discussion has been for svn updates over http, not for > freebsd-update > > > updates which are independantly signed and verified.. There is > currently > > > no signatures provided via SVN to validate any source received via > http. > > > > There has been no instance of in-transit compromise reported since SVN > was > > introduced. > > So, you require an exploit in the wild before you'll patch? No, I'm saying it's not a realistic threat model! If the threat is the integrity of the source code in transit, then it'd be way cheaper and way more reasonable to implement a Merkle Tree-like verification with each revision. -- Igor M. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
