Secure method for fetching freebsd sources ?

[Angelin Lalev]

Greetings,

Which is the *secure* way of fetching freebsd sources?
Cvsup looks prone to MiM attacks, CTM looks promising, but only if I
have been member of the appropriate ctm list since the release of 8.0.
(it seems that the ctm deltas on the ftp are not signed.).
Do FreeBSD cvs servers support ssh instead of rsh access as OpenBSD server do?
Other alternatives?

Please note that this is not a theoretical question. I really have a
system which i'll put in a place I don't trust, so I'll try to encrypt
everything from the disk to the connections which I will use for
updating.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Secure method for fetching freebsd sources ?

[Matthew Seaman]

Angelin Lalev wrote:

Greetings,

Which is the *secure* way of fetching freebsd sources?
Cvsup looks prone to MiM attacks, CTM looks promising, but only if I
have been member of the appropriate ctm list since the release of 8.0.
(it seems that the ctm deltas on the ftp are not signed.).
Do FreeBSD cvs servers support ssh instead of rsh access as OpenBSD server do?
Other alternatives?

Please note that this is not a theoretical question. I really have a
system which i'll put in a place I don't trust, so I'll try to encrypt
everything from the disk to the connections which I will use for
updating.


You can use freebsd-update(8) to fetch system sources as well as binary
updates.  Updates are cryptographically secured -- whether this is enough
for your application is a judgement call you will have to make.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
 Kent, CT11 9PW



signature.asc
Description: OpenPGP digital signature