From: Ade Lovett
To: Chuck Swiger
Cc: Ivan Klymenko, Rob Farmer, freebsd-ports Ports, Ade Lovett
Date: Thu, 2 Dec 2010 23:50:27 -0600
Subject: Re: ftp/proftpd 1.3.3c with a version which contained a backdoor.
Message-Id: <38CFD0A3-0B0A-49E9-8420-E593CFD24A99@FreeBSD.org>

On Dec 02, 2010, at 17:56 , Chuck Swiger wrote:

> On Dec 2, 2010, at 2:55 PM, Rob Farmer wrote:
>>
>> For several hours on Wednesday the distinfo was updated to the
>> compromised version (it has been reverted), so anyone who updated this
>> port recently should check their system.
>
> I see-- that's useful information to be aware of.  Hopefully port
> maintainers practice a bit more wariness about distfiles changing
> unexpectedly; while it's common enough that people re-roll tarballs for
> whatever reason, it seems like there have been more incidents of
> reference sites getting owned...

If y'all are _absolutely_ certain that the current distfile is correct
and not compromised then I would _strongly_ recommend that you bump
PORTREVISION to make it absolutely obvious that folks see this.

-aDe
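
Added example, not part of the original message or of the ports tree: a small check for the "distfiles changing unexpectedly" case discussed above. It compares two revisions of a port's distinfo and reports any distfile whose SHA256 or SIZE changed while its filename stayed the same. The function name, file names and digests are constructed for illustration.

```sh
#!/bin/sh
# Added example: report distfiles whose checksum changed while the
# filename stayed the same between two revisions of a port's distinfo.

# rerolled_distfiles OLD_DISTINFO NEW_DISTINFO   (hypothetical helper)
# Prints one filename per line; prints nothing when every change in
# NEW_DISTINFO comes with a new filename (a normal version bump).
# Assumes distfile names contain no whitespace.
rerolled_distfiles() {
    awk '
        # Lines of interest: "SHA256 (name) = hex" and "SIZE (name) = bytes"
        ($1 == "SHA256" || $1 == "SIZE") && NF == 4 {
            name = substr($2, 2, length($2) - 2)   # strip the parentheses
            key = $1 SUBSEP name
            if (FILENAME == ARGV[1]) {              # first file: remember
                old[key] = $4
            } else if ((key in old) && old[key] != $4 && !(name in seen)) {
                seen[name] = 1                      # report each name once
                print name
            }
        }
    ' "$1" "$2"
}

# Constructed sample data (placeholder digests, not real checksums).
demo_dir=$(mktemp -d)
cat > "$demo_dir/distinfo.old" <<'EOF'
SHA256 (example-1.0.tar.gz) = aaaa1111
SIZE (example-1.0.tar.gz) = 1000
SHA256 (other-2.0.tar.gz) = bbbb2222
SIZE (other-2.0.tar.gz) = 2000
EOF
cat > "$demo_dir/distinfo.new" <<'EOF'
SHA256 (example-1.0.tar.gz) = cccc3333
SIZE (example-1.0.tar.gz) = 1004
SHA256 (other-2.1.tar.gz) = dddd4444
SIZE (other-2.1.tar.gz) = 2100
EOF
rerolled_distfiles "$demo_dir/distinfo.old" "$demo_dir/distinfo.new"
rm -rf "$demo_dir"
```

A reported name only means the content behind an unchanged filename differs; whether that is a benign re-roll or a tampered tarball still has to be established against the upstream project.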