Date: Fri, 9 Feb 2001 19:58:47 +0100 From: Szilveszter Adam <sziszi@petra.hos.u-szeged.hu> To: security@FreeBSD.ORG Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE Message-ID: <20010209195847.F27987@petra.hos.u-szeged.hu> In-Reply-To: <2488141552.981740685@[192.168.1.2]>; from cholet@logilune.com on Fri, Feb 09, 2001 at 05:44:45PM %2B0100 References: <200102082014.PAA29877@vws3.interlog.com> <2488141552.981740685@[192.168.1.2]>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Feb 09, 2001 at 05:44:45PM +0100, Eric Cholet wrote: > I received the following, what worries me is that the PGP signature > verified, and it's not April 1st. WTF ?? AFAIK it was not at all signed... unlike previous attempts by the same "funny" person. But what got me worried (and what nobody apparently understood from my post from yesterday) that this time the prankster managed to post on both freebsd-announce and freebsd-security-announce, which are supposed to be closed and moderated lists. So does this effectively mean, that just by forging a From: header, I can already post whatever I want on -announce? (An allegedly trusted resource) If so, we (freebsd.org) have a security problem. (Hence the post on -security, since we do not have any *public* mailing list for discussing security matters wrt freebsd.org itself, before anyone asks again.) If my allegation is not true, then what happened? -- Regards: Szilveszter ADAM Szeged University Szeged Hungary To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010209195847.F27987>