From owner-freebsd-questions@FreeBSD.ORG Thu Mar 17 00:59:28 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 0437216A4CF; Thu, 17 Mar 2005 00:59:28 +0000 (GMT) Date: Thu, 17 Mar 2005 00:59:27 +0000 From: Kris Kennaway To: Danny Message-ID: <20050317005927.GN91771@hub.freebsd.org> References: <20050316233556.GM91771@hub.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.1i cc: Kris Kennaway cc: FreeBSD-questions Subject: Re: Portsnap necessary? CVSup insecure? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-questions@FreeBSD.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Mar 2005 00:59:28 -0000 On Wed, Mar 16, 2005 at 06:49:05PM -0500, Danny wrote: > On Wed, 16 Mar 2005 23:35:56 +0000, Kris Kennaway wrote: > > On Wed, Mar 16, 2005 at 06:06:07PM -0500, Danny wrote: > > > With regards to: http://www.daemonology.net/portsnap/ > > > > > > Should I be concerned about my servers that use CVSup? Do the FreeBSD > > > guru's refuse to use CVSup, or is this overkill? > > > > Depends on your threat model, i.e. what are you afraid of? > > I will respond to your question with a question to hopefully answer > both of our questions. :) > > When is the last time a FreeBSD CVSup server was compromised - if ever? I don't know that it's ever happened. I don't know that that's really the threat model you should care about anyway, since someone could compromise the master portsnap server as well, just not any mirrors (but these are currently nonexistent anyway, afaik). Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe