Date: Tue, 6 May 2003 12:24:11 -0700 From: Adam Weinberger <adamw@freebsd.org> To: Adam <blueeskimo@gmx.net> Cc: ports@freebsd.org Subject: Re: xmms website hacked -- Should port be disabled temporarily? Message-ID: <20030506192411.GC70324@vectors.cx> In-Reply-To: <1052248387.70777.15.camel@jake> References: <1052248387.70777.15.camel@jake>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> (05.06.2003 @ 1213 PST): Adam said, in 0.7K: << > http://www.xmms.org has been hacked. > > Maybe the port should be temporarily disabled to keep people from > installing tampered sources? I know they'd have to bypass the MD5 check, > but some people might do that. > > Does FreeBSD have an official policy on this? >> end of "xmms website hacked -- Should port be disabled temporarily?" from Adam << Nuking the port seems severe. If anything, it seems reasonable to just reduce MASTER_SITES to MASTER_SITE_FREEBSD or just remove the 2 xmms.org sites from MASTER_SITES. The MD5 checksums are still the same. Somehow I really doubt that somebody who would hack xmms.org and put <blink> tags and the word "dildo" on the front page would also be able to pwn a tarball and keep the same checksum. # Adam - -- Adam Weinberger vectors.cx >> adam@vectors.cx FreeBSD.org << adamw@FreeBSD.ORG #vim:set ts=8: 8-char tabs prevent tooth decay. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+uAvbo8KM2ULHQ/0RAmAnAKCYUAuMx7xrAfTC92V9pawnUenLkgCdHR1/ U6BotnpR3umWX77wE2nOOG4= =i9Xd -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030506192411.GC70324>