On Fri, Feb 13, 2004 at 08:15:34PM +0100, Wouter Verhelst wrote: > On Fri, Feb 13, 2004 at 09:59:25AM -0800, Matt Zimmerman wrote: > > On Thu, Feb 12, 2004 at 05:09:46PM -0600, Manoj Srivastava wrote: > > > > > 7) are security patch mechanisms convenient for the BSD's? > > > For Linux in general? For Debian? > > > > I believe their methods of distributing updates securely are significantly > > more convenient than ours at present. I believe you can checkout the ports > > tree via cvs over ssh, and so authenticate the server that you are talking > > to. > > I don't think you can, unless you happen to have an account on the CVS > server (which, of course, is only true for the system's developers). And > even then, at least in FreeBSD, developers still use CVSup plus a bunch > of scripts to update their local repository.
You can. http://www.openbsd.org/anoncvs.html#WHICH > > In our case, you need to verify a gpg signature on a file containing > > some md5sums which you must then verify by hand (and very few people do in > > my experience). > > In their case, there isn't even a gpg key, at least not AFAIK. CVSup > servers can be compromised too... The question was about convenience. In terms of server compromise, the two systems are pretty much equivalent. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
