Re: Retiring portsnap [was MITM attacks against portsnap and

看板FB_security作者時間11年前 (2014/04/14 02:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串7/17 (看更多)
David Noel <david.i.noel@gmail.com> writes: > My main point was that if you don't trust Subversion it makes no sense > to say you trust portsnap. Portsnap pulls the ports tree from > Subversion. Using Subversion! The portsnap system relies on the trust > of both svnadmin and svn. Just as it does when you run svn co and svn > up. If you say you don't trust Subversion, essentially what you're > saying is that you don't trust anything running on your computer. You were talking about MITM attacks. Portsnap uses secured access for getting updates out of Subversion, whereas doing "svn co" remotely generally does not. This is not a trivial point. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 freebsd-sec. 的文章
文章代碼(AID): #1JIj3WtS (FB_security)
討論串 (同標題文章)
完整討論串 (本文為第 7 之 17 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共17篇)
更多 freebsd-sec. 的文章
文章代碼(AID): #1JIj3WtS (FB_security)