From owner-svn-doc-all@FreeBSD.ORG  Sun Nov 18 23:02:40 2012
Return-Path: <owner-svn-doc-all@FreeBSD.ORG>
Delivered-To: svn-doc-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 454D04F8;
 Sun, 18 Nov 2012 23:02:40 +0000 (UTC)
 (envelope-from gavin@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 by mx1.freebsd.org (Postfix) with ESMTP id 2954F8FC08;
 Sun, 18 Nov 2012 23:02:40 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
 by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qAIN2e3i030015;
 Sun, 18 Nov 2012 23:02:40 GMT (envelope-from gavin@svn.freebsd.org)
Received: (from gavin@localhost)
 by svn.freebsd.org (8.14.5/8.14.5/Submit) id qAIN2eA0030014;
 Sun, 18 Nov 2012 23:02:40 GMT (envelope-from gavin@svn.freebsd.org)
Message-Id: <201211182302.qAIN2eA0030014@svn.freebsd.org>
From: Gavin Atkinson <gavin@FreeBSD.org>
Date: Sun, 18 Nov 2012 23:02:39 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r40088 - head/en_US.ISO8859-1/htdocs/news
X-SVN-Group: doc-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Nov 2012 23:02:40 -0000

Author: gavin
Date: Sun Nov 18 23:02:39 2012
New Revision: 40088
URL: http://svnweb.freebsd.org/changeset/doc/40088

Log:
  Add an update for November 18th, 2012.
  
  Change some headers so that updates are easier to see.
  
  Fix a case issue (ports -> Ports).
  
  Approved by:	core, bcr (mentor, implicit)

Modified:
  head/en_US.ISO8859-1/htdocs/news/2012-compromise.xml

Modified: head/en_US.ISO8859-1/htdocs/news/2012-compromise.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/news/2012-compromise.xml	Sun Nov 18 22:54:20 2012	(r40087)
+++ head/en_US.ISO8859-1/htdocs/news/2012-compromise.xml	Sun Nov 18 23:02:39 2012	(r40088)
@@ -62,7 +62,8 @@
 
     <ul>
       <li><a href="#announce">Announcement</a></li>
-      <li><a href="#details">Initial Details</a></li>
+      <li><a href="#update20121118">Update: 18th November 2012</a></li>
+      <li><a href="#details">Initial Details: 17th November 2012</a></li>
       <li><a href="#impact">What is the Impact?</a></li>
       <li><a href="#done">What has FreeBSD.org done about this?</a></li>
       <li><a href="#recommend">Recommendations</a></li>
@@ -70,7 +71,39 @@
 
     <p>More details will be added here as they become available.</p>
 
-    <h2><a name="details">Initial details</a></h2>
+    <h1><a name="update20121118">Update: November 18th, 2012</a></h1>
+
+    <p>Newer portsnap(8) snapshots are once again available.  The
+      generation of these had been suspended as part of the infrastructure
+      lockdown, however all machines involved have either been audited or
+      reinstalled and so we are now confident that these can be made
+      available once more.</p>
+
+    <p>The Subversion to CVS exporter is now up and running again.
+      Updates made to the Subversion repository will once again appear in
+      repositories available via csup/CVSup.  Please note that the use of
+      these exports are still deprecated, and users are urged to move to
+      one of the supported methods (for example, freebsd-update(8),
+      portsnap(8), or Subversion) in order to obtain updates.  Note also
+      that we are still currently unable to guarantee the integrity of
+      past history within the CVS repository, but are confident in the
+      integrity of checkouts from the top-of-tree of each branch.</p>
+
+    <p>Please note that due to infrastructure changes, the first update
+      through either portsnap(8) or csup(1) is likely to show changes to
+      a large number of files.  This is nothing to worry about.</p>
+
+    <p>As mentioned in the original announcement, a package set uploaded in
+      preparation for the upcoming FreeBSD 9.1-RELEASE could not be verified,
+      and so was removed.  In order to allow system integrators and end
+      users to verify that packages they may have downloaded are not from
+      this set, we have provided files containing both
+      <a href="/news/2012-compromise/sha256.sums.20121118.txt">sha256</a> and
+      <a href="/news/2012-compromise/md5.sums.20121118.txt">md5</a> checksums
+      for all removed packages.</p>
+
+    <h1><a name="details">November 17th, 2012</a></h1>
+    <h2>Initial details</h2>
 
     <p>On Sunday 11th November 2012, two machines within the FreeBSD.org
       infrastructure were found to have been compromised.  These machines
@@ -177,7 +210,7 @@
       <li>If you use the already-deprecated cvsup/csup distribution
 	mechanisms, you should stop now.</li>
       <li>If you were using cvsup/csup for ports, you should switch to
-	portsnap(8) right away.  ports developers should be using
+	portsnap(8) right away.  Ports developers should be using
 	Subversion already.  Further information on preferred mechanisms
 	for obtaining and updating the ports tree can be found at
 	<a href="/doc/handbook/ports-using.html">