Date: Thu, 02 Dec 2010 15:56:36 -0800
From: Chuck Swiger <cswiger@mac.com>
To: Rob Farmer <rfarmer@predatorlabs.net>
Cc: Ivan Klymenko <fidaj@ukr.net>, freebsd-ports@freebsd.org
Subject: Re: ftp/proftpd 1.3.3c with a version which contained a backdoor.
Message-ID: <FFA0BDE6-78EE-4BA5-A6B9-E18D279A846E@mac.com>
In-Reply-To: <AANLkTikYAv%2BuSykLBawfiZYSeU=2ze=6TVUmsQvP573V@mail.gmail.com>
References: <20101202232206.66c672a1@ukr.net> <17BFBD62-414E-448B-A3CE-825C9467138E@mac.com> <AANLkTikYAv%2BuSykLBawfiZYSeU=2ze=6TVUmsQvP573V@mail.gmail.com>

On Dec 2, 2010, at 2:55 PM, Rob Farmer wrote:
>> Checking, the tarball you now fetch is the one which matches their md5 and GnuPG signing from the link above...
>
> For several hours on Wednesday the distinfo was updated to the
> compromised version (it has been reverted), so anyone who updated this
> port recently should check their system.

I see-- that's useful information to be aware of. Hopefully port maintainers practice a bit more wariness about distfiles changing unexpectedly; while it's common enough that people re-roll tarballs for whatever reason, it seems like there have been more incidents of reference sites getting owned...

Regards,
--
-Chuck