John-Mark Gurney
2017-Dec-10 19:02 UTC
http subversion URLs should be discontinued in favor of https URLs
Igor Mozolevsky wrote this message on Sun, Dec 10, 2017 at 17:39 +0000:> On 10 December 2017 at 17:32, John-Mark Gurney <jmg at funkthat.com> wrote: > > <snip> > > > The discussion has been for svn updates over http, not for freebsd-update > > updates which are independantly signed and verified.. There is currently > > no signatures provided via SVN to validate any source received via http. > > There has been no instance of in-transit compromise reported since SVN was > introduced.So, you require an exploit in the wild before you'll patch? -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."
Igor Mozolevsky
2017-Dec-10 19:17 UTC
http subversion URLs should be discontinued in favor of https URLs
On 10 December 2017 at 19:02, John-Mark Gurney <jmg at funkthat.com> wrote:> Igor Mozolevsky wrote this message on Sun, Dec 10, 2017 at 17:39 +0000: > > On 10 December 2017 at 17:32, John-Mark Gurney <jmg at funkthat.com> wrote: > > > > <snip> > > > > > The discussion has been for svn updates over http, not for > freebsd-update > > > updates which are independantly signed and verified.. There is > currently > > > no signatures provided via SVN to validate any source received via > http. > > > > There has been no instance of in-transit compromise reported since SVN > was > > introduced. > > So, you require an exploit in the wild before you'll patch?No, I'm saying it's not a realistic threat model! If the threat is the integrity of the source code in transit, then it'd be way cheaper and way more reasonable to implement a Merkle Tree-like verification with each revision. -- Igor M.