Date: Tue, 20 Nov 2012 07:15:30 -0500 From: Gary Palmer <gpalmer@freebsd.org> To: John Bayly <john.bayly@tipstrade.net> Cc: FreeBSD-security@FreeBSD.org Subject: Re: Clarrification on whether portsnap was affected by the 2012 compromise Message-ID: <20121120121530.GC88593@in-addr.com> In-Reply-To: <50AB6029.4090608@tipstrade.net> References: <50AB6029.4090608@tipstrade.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 20, 2012 at 10:49:13AM +0000, John Bayly wrote: > Regarding the 2012 compromise, I'm a little confused as to what was and > wasn't affected: > > >From the release: > > or of any ports compiled from trees obtained via any means other than > > through svn.freebsd.org or one of its mirrors > Does that mean that any ports updated using the standard "portsnap > fetch" may have been affected, I'm guessing yes. > " We have also verified that the most recently-available portsnap(8) snapshot matches the ports Subversion repository, and so can be fully trusted. "
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121120121530.GC88593>