Out-of-band File Verification (OOBFV) OOBFV $Id$ $Date$

This page is still work-in-progress!

OOBFV, or Out-of-band File Verification, is a system to do out-of-band verification of files. E.g. when retrieving some files via CVSup OOBFV can help detect if the local files match the files at the master site. OOBFV works by generating a list of checksums on the master site or on a trusted site which as secure access to the distributed files. The list of checksums are then distributed to the client which uses the checksums to verify that the local copy of the files hasn't been tampered with.

OOBFV was originally meant to only check CVS repositories so that is currently the only thing which is supported, but since it possible to use the same technique for "normal" files that will be supported later.

Warning: OOBFV is still in early development and should currently only be used by people who want to help test the system. It is almost certain that OOBFV will report false positives.

The main script can be found at http://simon.nitro.dk/dist-oobfv/oobfv.sh (this is not a permanent location). This will be packaged normally at a later point when it's ready for more normal use.


Note: The following is still WIP and not yet fully set up as of 2007-02-04.

The temporary public key used for these collections can be found at http://simon.nitro.dk/dist-oobfv/freebsd-oobfvkey.pub.

Currently Simon L. Nielsen is distributing sums for the FreeBSD CVS repository. These are distributed as the "freebsd-repo" collection from rsync://oobfv.nitro.dk/oobfv.