Changes between Version 202 and Version 203 of FAQ


Timestamp:
Jan 9, 2026, 6:33:34 PM (2 weeks ago)
Author:
jmroot (Joshua Root)
Comment:

rephrase security section

  • FAQ

    v202 v203  
    356356See [wiki:FAQ/GitHubMigration GitHubMigration].
    357357
    358 == Information security and the integrity of the MacPorts base sofware and individual packages ==
    359 
    360 === What controls are in place to check that the MacPorts utility is not tainted with malicious contributions and that the port scripts are not installing other than what it says on a Portfile? ===
     358== Information security and the integrity of the MacPorts base sofware and individual packages == #security
     359
     360=== What measures are in place to ensure that MacPorts is not tainted with malicious contributions and that the port scripts are not installing other than what it says on a Portfile? === #integrity
    361361
    362362For the integrity of the base software:
    363 * the MacPorts.dmg installer is signed by one of the project members, so that ensures the integrity of the initial installation.
     363* the MacPorts .pkg installer is signed by one of the project members, so that ensures the integrity of the initial installation.
    364364* the selfupdate process also uses signed tarballs that are checked against a public key that is part of the installation.
    365365
     
    369369For the integrity of the ports tree:
    370370* the distributed ports tree is also signed and the signature is verified when syncing the Portfiles.
    371 * the Portfiles itself come from the GitHub git repository, so the whole ports tree can be identified by a commit hash.
    372 
    373 It's not impossible that a committer could "turn evil" (though that would probably be noticed), or that software could be packaged that was compromised upstream.
     371* the Portfiles come from the GitHub git repository, so the whole ports tree can be identified by a commit hash.
     372
     373It's not impossible that a committer could begin acting maliciously (though that would probably be noticed), or that software could be packaged that was compromised upstream.
    374374
    375375For the integrity of the Portfiles:
    376376* that relies on what is merged into the ports tree, which are developed on GitHub with Pull Requests and reviews by project members.
    377377* the Portfiles also contain checksums to verify the upstream sources used for building the software.
    378 * all downloaded have to be the same for all users (also a requirement in order to mirror these distfiles correctly).
    379 
    380 The base code, ports tree, and most upstream software has source readily available, so definitely do your own audit of all of that before using it for anything critical.
    381 
    382 === How to verify the integrity of a MacPorts installation? ===
    383 
    384 You could in principle compare existing installation of the base software to a signed tar ball.
    385 Currently, there is no ready existing tooling for that.
     378* all downloaded files have to be the same for all users (also a requirement in order to mirror these distfiles correctly).
     379
     380The base code, ports tree, and most upstream software has source readily available, so it would be possible and advisable to audit all components before using them for anything critical.
     381
     382=== How can the integrity of a MacPorts installation be verified? === #verifyinstall
     383
     384You could in principle compare an existing installation of the software to a signed tarball.
     385Currently, there is no tooling for that.
    386386Also, some ports will be built locally, so there won't be a single "canonical" signed tarball for everything available.
    387387
    388 === What does MacPorts in capabilities for auditing of installation? ===
    389 
    390 Being open source, MacPorts is inherently more auditable than proprietary binaries, but the drawback is you have to assume responsibility yourself.
     388=== What capabilities does MacPorts offer for auditing of installations? === #auditing
     389
     390Being open source, MacPorts is inherently more auditable than proprietary binaries, but the drawback is the responsibility for this falls on the user.
    391391The MacPorts project is not in a position to make any guarantees and has to disclaim all liability.
    392 As far as integrity of the local files, we're mainly just relying on filesystem permissions.
    393 A third party file integrity checker should work fine though.
     392Integrity of MacPorts files on disk relies on appropriate filesystem permissions. By default, files are owned by root and cannot be modified by other users.
     393If you wish to check whether files have been modified since installation, a number of third party file integrity checkers are available and should work well with MacPorts.
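Review bot: lines 392-393 tell the reader that a third party file integrity checker can detect modification since installation, but not that such a check is only meaningful if a baseline of file hashes is recorded immediately after installation and stored outside the tree it covers; one sentence saying so would make the advice actionable. Two smaller points in the same region: line 376 has a number mismatch ("which are developed" should be "which is developed", as it refers to the ports tree), and line 380 should read "have source readily available" since the subject is a list of three items.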