Date: Thu, 17 Mar 2005 00:59:27 +0000 From: Kris Kennaway <kris@FreeBSD.org> To: Danny <nocmonkey@gmail.com> Cc: FreeBSD-questions <questions@freebsd.org> Subject: Re: Portsnap necessary? CVSup insecure? Message-ID: <20050317005927.GN91771@hub.freebsd.org> In-Reply-To: <addc34c60503161549443a23b3@mail.gmail.com> References: <addc34c605031615064b793c89@mail.gmail.com> <20050316233556.GM91771@hub.freebsd.org> <addc34c60503161549443a23b3@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 16, 2005 at 06:49:05PM -0500, Danny wrote: > On Wed, 16 Mar 2005 23:35:56 +0000, Kris Kennaway <kris@freebsd.org> wrote: > > On Wed, Mar 16, 2005 at 06:06:07PM -0500, Danny wrote: > > > With regards to: http://www.daemonology.net/portsnap/ > > > > > > Should I be concerned about my servers that use CVSup? Do the FreeBSD > > > guru's refuse to use CVSup, or is this overkill? > > > > Depends on your threat model, i.e. what are you afraid of? > > I will respond to your question with a question to hopefully answer > both of our questions. :) > > When is the last time a FreeBSD CVSup server was compromised - if ever? I don't know that it's ever happened. I don't know that that's really the threat model you should care about anyway, since someone could compromise the master portsnap server as well, just not any mirrors (but these are currently nonexistent anyway, afaik). Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe <forsythe@alum.mit.edu>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050317005927.GN91771>