Date: Thu, 31 May 2001 18:42:27 -0700 (PDT) From: Brian Behlendorf <brian@collab.net> To: Alex Holst <a@area51.dk> Cc: <freebsd-security@freebsd.org> Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) Message-ID: <Pine.BSF.4.31.0105311840420.52261-100000@localhost> In-Reply-To: <20010601013041.A32818@area51.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 1 Jun 2001, Alex Holst wrote: > That should be verified often with scanssh or something similar. I am sure it was 2.2.0. I had done a make buildworld Jan 31st but hadn't done a make installworld since Jan 12th, before the fix went in. Dumb dumb. > I was surprised when I read about the compromise, because it gives the > impression that people are still using passwords (as opposed to keys > with passphrases) for authentication in this day and age. Is that > correct? If so, why is that? CVS pserver. Yes, there is a long term plan to do away with the insecurities inherent in distributed CVS development: http://subversion.tigris.org/. Brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.31.0105311840420.52261-100000>