Re: cvsup and security - Kris Kennaway - org.freebsd.freebsd-security

5 messages in org.freebsd.freebsd-securityRe: cvsup and security

From	Sent On	Attachments
steve	Jul 8, 2001 8:34 pm
Kris Kennaway	Jul 8, 2001 10:11 pm
Crist J. Clark	Jul 8, 2001 10:34 pm
Kris Kennaway	Jul 8, 2001 11:12 pm
steve	Jul 9, 2001 4:26 pm

Subject:	Re: cvsup and security
From:	Kris Kennaway (kr...@obsecurity.org)
Date:	Jul 8, 2001 10:11:18 pm
List:	org.freebsd.freebsd-security

On Sun, Jul 08, 2001 at 10:35:14PM -0500, steve wrote:

Hi, I've been installing a few ports (great tool btw), and I've noticed that typing 'make install' in an app directory will perform an md5 checksum to verify that the download is legit and not corrupt. Is there anything similar done when using cvsup? Is there anyway to verify that the ports collection update that I'm receiving through cvsup is legit and not "trojaned" or altered in some other way?

Not currently.

Note to all on the list: please resist the temptation to offer suggestions for how cvsup could be improved to achieve this unless they're in the form of patches. We all know how to do it, but the code needs to be written.

Kris

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets