In message <20121121031959.ga30...@server.rulingia.com>, Peter Jeremy writes: > On 2012-Nov-20 11:30:59 -0500, Gary Palmer <gpal...@freebsd.org> wrote: > >On Tue, Nov 20, 2012 at 11:26:42AM -0500, Eitan Adler wrote: > >> On 20 November 2012 04:54, xenophon\+freebsd > >> <xenophon+free...@irtnog.org> wrote: > >> >> As of now: > >> >> > >> >> - SVN is *the* source of truth. > >> > > >> > Would it be possible to publish FreeBSD's Subversion repository using > >> > HTTPS, instead of HTTP? > >>=20 > >> %svn ls https://svn0.us-west.FreeBSD.org/base/ > > > >You will get a certificate warning. The certificates used do not > >appear to be officially signed by a recognised CA. The hashes of the=20 > >certificate keys are on the mirror website I pointed out in my email > > The certificates are self-signed. Whilst the hashes are published on > the FreeBSD website, that site is only available via HTTP so there's > still a bootstrap issue - which I don't have a general solution for.
See DANE, RFC 6698. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
