It seems CVSup uses clear text, with neither server authentication as SSH nor message authentication as PGP.
Is it possible to poison the DNS records and fire a man-in-the-middle attack against the source updating procedure? It seems portsnap uses a public key to verify downloads. Are there some source updating mechanisms with authentication or verification? Thanks. -- 裘佺 (QIU Quan) <jac...@gmail.com> _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"