Date: Tue, 17 Mar 2015 02:16:00 -0700 From: Yuri <yuri@rawbw.com> To: freebsd-security@freebsd.org Subject: Re: npm doesn't check package signatures, should www/npm print security alert? Message-ID: <5507F0D0.2020002@rawbw.com> In-Reply-To: <55073593.50108@rawbw.com> References: <55073593.50108@rawbw.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 03/16/2015 12:57, Yuri wrote: > www/npm downloads and installs packages without having signature > checking in place. > There is the discussion about package security > https://github.com/node-forward/discussions/issues/29 , but actual > checking isn't currently done. I added the pkg-message with security advisories about this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198653 Yuri
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5507F0D0.2020002>