From owner-freebsd-questions@FreeBSD.ORG Wed Aug 13 15:04:44 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ACD3937B401 for ; Wed, 13 Aug 2003 15:04:44 -0700 (PDT) Received: from juice.thebigchoice.com (pc1-nott2-3-cust18.nott.cable.ntl.com [80.4.204.18]) by mx1.FreeBSD.org (Postfix) with SMTP id 4241C43FDF for ; Wed, 13 Aug 2003 15:04:43 -0700 (PDT) (envelope-from matt@thebigchoice.com) Received: (qmail 46797 invoked from network); 13 Aug 2003 22:04:50 -0000 Received: from localhost.proweb.net (HELO thebigchoice.com) (127.0.0.1) by juice.thebigchoice.com with SMTP; 13 Aug 2003 22:04:50 -0000 Message-ID: <3F3AB602.7020704@thebigchoice.com> Date: Wed, 13 Aug 2003 23:04:50 +0100 From: Matt Heath User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3) Gecko/20030425 X-Accept-Language: en, en-us MIME-Version: 1.0 To: FreeBSD Questions Mailing List References: <1060807840.561.8.camel@klotz.local> <20030813205810.GA55550@rot13.obsecurity.org> In-Reply-To: <20030813205810.GA55550@rot13.obsecurity.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: ftp.gnu.org got cracked... how does this affect FreeBSD? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Aug 2003 22:04:45 -0000 > > >So far there's no evidence that any distfiles were compromised. For >files in the ports collection, they would have been caught by the md5 >checksum. > > I wouldn't be so sure, the guy was harvesting passwords. Although I don't know the details of the commit procedure he would surely be able to fiddle with any commits which are, by definition, going to have different checksums. but I'm guessing. In the face of no facts it is the only choice I have.