Then you have to secure the public key, which is intractable, apart from
having a number of Trusted People with the ability to revoke it.
Best that can reasonably be achieved is to secure the SVN repository by
having a script that checks the cvs list posts against the actual diffs,
and against the current contents of the repository. Then it's down to
enough eyeballs on the cvs list.
On Thu, Nov 10, 2005 at 08:31:19AM +0100, NextGen$ wrote:
> NextGen$ a ?crit :
>
> >Matthew Toseland a ?crit :
> >
> >
> >>On Wed, Nov 09, 2005 at 06:46:29PM +0100, NextGen$ wrote
> >>
> >>
> >>>Bob a ?crit :
> >>>
> >>>
> >>>>[snip.]
> >>>>Also the Emu seednodes link should be coral-cached as per Ian's wishes, I
> >>>>forgot
> >>>>about that.
> >>>>
> >>>>
> >>>Maybe I should do it on the server side ? Using some "permanent
> >>>redirect" trick...
> >>>
> >>>
> >>>
> >>Probably a good idea. But do we know how to tell whether it is being
> >>fetched by a coral-cache server?
> >>
> >>
> >>
> >>
> >Matching the user-agent ?
> >
> >Here is the revelant part of Apache's config file :
> >
> >RewriteEngine on
> >RewriteCond %{HTTP_USER_AGENT} !^CoralWebPrx
> >RewriteCond %{QUERY_STRING} !^coral-no-serve
> >RewriteRule ^/(.*)$ http://downloads.freenetproject.org.nyud.net:8090/$1
> >[R,L]
> >
> ><IfModule mod_expires.c>
> > <LocationMatch "/seednodes/">
> > ExpiresActive on
> > ExpiresDefault "access plus 2 hour"
> > </LocationMatch>
> ></IfModule>
> >
> >It should work ... please report if it doesn't.
> >
> >
> >
> >>>Should I let people downloading them without using CoralCache ?
> >>>
> >>>NextGen$.
> >>>
> >>>
> As all the traffic outgoing from downloads.freenetproject.org goes
> through CC, shouldn't we publish hashes of files. Does it worth it or am
> I the only one concerned by this potential weakness ?
>
> Publishing hashes might not be enough ... Endeed, what will prevent
> an offender from altering them too ? Maybe we should even use GPG...
>
> NextGen$.
> (nb. previously we weren't using nor SSL nor hashes ... so the website
> might already have been targetted by a MiM attack... Even on SF's
> website ;) )
>
> _______________________________________________
> Devl mailing list
> Devl at freenetproject.org
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
--
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20051110/0c6c326f/attachment.pgp>
