On 18 November 2012 18:17, Gary Palmer <[email protected]> wrote: > On Sat, Nov 17, 2012 at 03:14:00PM +0000, Chris Rees wrote: >> On 17 Nov 2012 15:06, "Gary Palmer" <[email protected]> wrote: >> > >> > Hi, >> > >> > Can someone explain why the cvsup/csup infrastructure is considered >> insecure >> > if the person had access to the *package* building cluster? Is it because >> > the leaked key also had access to something in the chain that goes to >> cvsup, >> > or is it because the project is not auditing the cvsup system and so the >> > default assumption is that it cannot be trusted to not be compromised? >> > >> > If it is the latter, someone from the community could check rather than >> > encourage everyone who has been using csup/cvsup to wipe and reinstall >> > their boxes. Unfortunately the wipe option is not possible for me right >> > now and my backups do go back to before the 19th of September >> >> Checks are being made, but CVS makes it slow work. >> >> It's incredibly unlikely that there will be a problem, but the Project has >> to be cautious in recommendations. > > Thanks Chris for the update. May I politely suggest that the web page > as I read it yesterday was more along the lines of "assume your machine is > rooted, reinstall it". The reality is the message should have been "we > cannot prove cvs/cvsup was not affected yet, but we are continuing to > investigate. If you want to be really sure you weren't affected, reinstall > from known clean media. Else wait for further updates". > > While I understand some people, especially the more security minded people, > want to deprecate all access that isn't signed and secured, its no reason > to cause people unnecessary work/panic. Plus signing is only as good as > the security of the systems doing the builds and signing the content. > Its just been proven that they may not be as secure as expected. I'm afraid that you have to do your own risk assessment-- for the Project to recommend anything else would be irresponsible, and a major disaster should anything turn out to be compromised several months down the line... Having said that, on a personal note I don't think I'll be reinstalling in a hurry, but I'm also not handling banking details etc. As I said, you have to assess your own risk :) Chris _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"