Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 17 Nov 2012 17:07:16 +0100 (CET)
From:      "M. Schulte" <m-freebsd@fuglos.org>
To:        freebsd-security@freebsd.org
Subject:   Re: Recent security announcement and csup/cvsup?
Message-ID:  <alpine.BSF.2.00.1211171705170.32838@m.fuglos.org>
In-Reply-To: <20121117150556.GE24320@in-addr.com>
References:  <20121117150556.GE24320@in-addr.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi,

> Can someone explain why the cvsup/csup infrastructure is considered
> insecure [...]

Speaking of cvsup security -- correct me if I'm wrong, but as far as I
know cvsup is generally vulnerable to man-in-the-attacks[0]. Hence I'd
be very happy about more and more people moving over to the portsnap
camp.

Best,
mel

[0] http://en.wikipedia.org/wiki/Portsnap
     http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2003-11/0287.html



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1211171705170.32838>