Date:      Thu, 2 Dec 2010 23:50:27 -0600
From:      Ade Lovett <ade@FreeBSD.org>
To:        Chuck Swiger <cswiger@mac.com>
Cc:        Ivan Klymenko <fidaj@ukr.net>, Rob Farmer <rfarmer@predatorlabs.net>, freebsd-ports Ports <freebsd-ports@freebsd.org>, Ade Lovett <ade@FreeBSD.org>
Subject:   Re: ftp/proftpd 1.3.3c with a version which contained a backdoor.
Message-ID:  <38CFD0A3-0B0A-49E9-8420-E593CFD24A99@FreeBSD.org>
In-Reply-To: <FFA0BDE6-78EE-4BA5-A6B9-E18D279A846E@mac.com>
References:  <20101202232206.66c672a1@ukr.net> <17BFBD62-414E-448B-A3CE-825C9467138E@mac.com> <AANLkTikYAv%2BuSykLBawfiZYSeU=2ze=6TVUmsQvP573V@mail.gmail.com> <FFA0BDE6-78EE-4BA5-A6B9-E18D279A846E@mac.com>


On Dec 02, 2010, at 17:56 , Chuck Swiger wrote:
> On Dec 2, 2010, at 2:55 PM, Rob Farmer wrote:
>>
>> For several hours on Wednesday the distinfo was updated to the
>> compromised version (it has been reverted), so anyone who updated this
>> port recently should check their system.
>
> I see-- that's useful information to be aware of.  Hopefully port maintainers practice a bit more wariness about distfiles changing unexpectedly; while it's common enough that people re-roll tarballs for whatever reason, it seems like there have been more incidents of reference sites getting owned...

If y'all are _absolutely_ certain that the current distfile is correct and not compromised then I would _strongly_ recommend that you bump PORTREVISION to make it absolutely obvious that folks see this.

-aDe



