On 28/09/2012 20:41, Ed Flecko wrote: > David - I'd like to, but every time I try that it prompts me for a > password...and I don't know what password it wants???
That would be the password to a freebsd.org account, which isn't going
to work for most people on two counts:
* freebsd.org uses SSH keys for authentication, not passwords.
* even if you've got a SSH key, not being a FreeBSD committer you
probably don't have a freebsd.org account.
For anonymous access, you can use http or svn. Given that anonymous
access is read-only, there's really not much to be gained from SSH or
other means of encrypting the connection, either for you, or for the
FreeBSD servers. It's anonymous, so you don't care about
authentication. FreeBSD sources are publicly available, so you don't
care about anyone eavesdropping on the traffic. About the only thing
you're still exposed to is a man-in-the-middle attack, where someone
could pose as a FreeBSD server and feed you a trojanned set of sources
-- but then, you'ld still be exposed in exactly the same way even using
svn+ssh. In practice, attacks of this type are very (pretty much
vanishingly) rare. If they do concern you, then use portsnap(8) /
freebsd-update(8) which has specific cryptographic protection against
such things. The portsnap and freebsd-update build systems also have
special access to the master FreeBSD repositories to minimize the
chances that they themselves could be fed trojanned sources.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
signature.asc
Description: OpenPGP digital signature
