Date: Tue, 27 Aug 2002 22:30:16 +0200
From: Alex Kiesel <alex.kiesel@document-root.de>
To: Erick Mechler <emechler@techometer.net>
Cc: David Olbersen <dave@slickness.org>, freebsd-security@FreeBSD.ORG
Subject: Re: Ports are insecure?
Message-ID: <20020827203016.GA10858@schlund.de>
In-Reply-To: <20020827170508.GI90157@techometer.net>
References: <20020827165347.GA12522@slickness.org> <20020827170508.GI90157@techometer.net>

On Aug 27, 2002, Erick Mechler wrote:
> Not just anybody can contribute to a FreeBSD port entry; the commit still
> has to be done by an authorized committer. However, it's true that just
> about anybody's software package can become a port, so if you just blindly
> start installing ports, you might, on rare occasions, install a piece of
> software that's been trojaned (take the recent OpenSSH trojan for example).

As the ports collection has a checksum for every file that is needed, it
should not be a big problem to avoid installing trojanized software. IIRC you
could not install OpenSSH without ignoring checksum alerts.

Cheers,
Alex

--
Alex Kiesel
PGP Key: 0x09F4FA11

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
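
The check this message relies on, sketched as an added example (not part of the original e-mail and not the ports framework's own code): it parses `ALGO (file) = value` lines of the kind a port's distinfo file carries and rejects a distfile whose digest or size differs. The file name, file contents, timestamp and digest are constructed for the example.

```python
import hashlib
import re

# distinfo-style record: "ALGO (filename) = value"; other lines are ignored
_RECORD = re.compile(r"^(\w+) \((.+)\) = (\S+)$")

def parse_distinfo(text):
    """Return {filename: {ALGO: value}} for every record in the text."""
    entries = {}
    for line in text.splitlines():
        m = _RECORD.match(line.strip())
        if m:
            algo, name, value = m.groups()
            entries.setdefault(name, {})[algo.upper()] = value
    return entries

def verify_distfile(name, data, entries):
    """Return a list of problems; an empty list means the file matches."""
    expected = entries.get(name)
    if not expected:
        return [f"{name}: no checksum recorded, not trusting it"]
    problems, digests_checked = [], 0
    for algo, want in expected.items():
        if algo == "SIZE":
            if len(data) != int(want):
                problems.append(f"{name}: SIZE mismatch")
            continue  # a size match alone proves nothing about content
        try:
            got = hashlib.new(algo.lower(), data).hexdigest()
        except ValueError:
            problems.append(f"{name}: unsupported algorithm {algo}")
            continue
        digests_checked += 1
        if got != want.lower():
            problems.append(f"{name}: {algo} mismatch")
    if digests_checked == 0:
        problems.append(f"{name}: no usable digest recorded")
    return problems

# Constructed sample data: a stand-in "tarball" and the record made from it.
GOOD = b"constructed stand-in for a distfile tarball\n"
TAMPERED = GOOD + b"modified after the checksum was recorded\n"
DISTINFO = (
    "TIMESTAMP = 1030480216\n"
    f"SHA256 (example-1.0.tar.gz) = {hashlib.sha256(GOOD).hexdigest()}\n"
    f"SIZE (example-1.0.tar.gz) = {len(GOOD)}\n"
)

if __name__ == "__main__":
    recorded = parse_distinfo(DISTINFO)
    print(verify_distfile("example-1.0.tar.gz", GOOD, recorded))
    print(verify_distfile("example-1.0.tar.gz", TAMPERED, recorded))
```

A match shows only that the file is the one whose checksum was committed with the port; it does not show that the committed checksum was taken from a clean file.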