How do I securly update a *BSD system?

security package-management freebsd bsd

Security is a major concern. Every major Linux distribution uses signed packages. But the FreeBSD systems in the office downloading unsigned packages/ports via FTP.

Is there a solution that would allow me to securely update a *BSD on a malicious network?


Solution 1:

Use freebsd-update for official binary system updates.
When you upgrade packages from ports (e.g. with "portsnap" and "portmaster" like I do) the packages' source-files ARE signed with SHA256 checksums and verified before compilation, so I wouldn't worry about that.
Since it seems you're very much security-aware, I'd go with compiling ports from signed sources if I were you anyway.

Related

find all self-complementary graphs on five vertices
A finite divisible group is trivial
Use Lax-Milgram theorem to prove the existence of weak solution for an elliptic equation
Reinitialize a single Exchange 2010 mailbox?
.htaccess error "not allowed here" for all for all instructions
Calculating circle radius from two points on circumference (for game movement)
Cheap 'n' easy AIX hosting services? [closed]
Keep-Alive and Timeout Behaviours between different browsers on Windows
High availability without dropping connections
Apache 2.2 CGI timeout configuration
Why is the polynomial ring of more than one variable not a PID?
if $|a|<1$ so $\lim_{n\to \infty}na^n=0$.