Date: Sat, 17 Nov 2012 17:07:16 +0100 (CET) From: "M. Schulte" <m-freebsd@fuglos.org> To: freebsd-security@freebsd.org Subject: Re: Recent security announcement and csup/cvsup? Message-ID: <alpine.BSF.2.00.1211171705170.32838@m.fuglos.org> In-Reply-To: <20121117150556.GE24320@in-addr.com> References: <20121117150556.GE24320@in-addr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, > Can someone explain why the cvsup/csup infrastructure is considered > insecure [...] Speaking of cvsup security -- correct me if I'm wrong, but as far as I know cvsup is generally vulnerable to man-in-the-attacks[0]. Hence I'd be very happy about more and more people moving over to the portsnap camp. Best, mel [0] http://en.wikipedia.org/wiki/Portsnap http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2003-11/0287.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1211171705170.32838>