Date: Wed, 30 May 2001 14:28:04 +0200 From: Anders Nordby <anders@fix.no> To: ports@freebsd.org Subject: (forw) Port distfiles: sourceforge compromise Message-ID: <20010530142804.A24422@totem.fix.no>
next in thread | raw e-mail | index | archive | help
--uAKRQypu60I7Lcqm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hello, I believe this is relevant for us too then. I haven't got any details about this though. Hohum. Regards, -- Anders. --uAKRQypu60I7Lcqm Content-Type: message/rfc822 Content-Disposition: inline Return-Path: <owner-ports@openbsd.org> Delivered-To: anders@totem.fix.no Received: from openbsd.cs.colorado.edu (openbsd.cs.colorado.edu [128.138.192.83]) by totem.fix.no (Postfix) with ESMTP id 37EDB3D3E for <anders@totem.fix.no>; Wed, 30 May 2001 14:24:50 +0200 (CEST) Received: from localhost (domo@localhost) by openbsd.cs.colorado.edu (8.11.3/8.10.1) with SMTP id f4UCNEQ24821; Wed, 30 May 2001 06:23:14 -0600 (MDT) Received: by openbsd.org (TLB v0.11a (1.26 tibbs 1998/09/22 04:41:41)); Wed, 30 May 2001 06:18:03 -0600 (MDT) Received: (from domo@localhost) by openbsd.cs.colorado.edu (8.11.3/8.10.1) id f4UCI2b12592 for ports-list; Wed, 30 May 2001 06:18:02 -0600 (MDT) Received: from schutzenberger.liafa.jussieu.fr (espie@schutzenberger.liafa.jussieu.fr [132.227.81.123]) by openbsd.cs.colorado.edu (8.11.3/8.10.1) with ESMTP id f4UCHw205596; Wed, 30 May 2001 06:17:58 -0600 (MDT) Received: (from espie@localhost) by schutzenberger.liafa.jussieu.fr (8.11.3/8.10.1) id f4UCHvb05993; Wed, 30 May 2001 14:17:57 +0200 (CEST) Date: Wed, 30 May 2001 14:17:57 +0200 From: Marc Espie <espie@schutzenberger.liafa.jussieu.fr> To: ports@openbsd.org, announce@openbsd.org Subject: Port distfiles: sourceforge compromise Message-ID: <20010530141757.A12467@schutzenberger.liafa.jussieu.fr> Reply-To: Marc.Espie@liafa.jussieu.fr Mail-Followup-To: Marc Espie <espie@schutzenberger.liafa.jussieu.fr>, ports@openbsd.org, announce@openbsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-ports@openbsd.org Precedence: bulk X-Loop: ports@openbsd.org I just got belated news that SourceForge got compromised. It's a case were we are very happy we do have strong cryptographic checksums for distfiles. * users, if you compile a port from source, be very paranoid around checksum changes, especially if the port comes from sourceforge. * porters, please be very, very careful in updating/importing anything that comes from sourceforge, at least for a while. This probably means that ANY update should not be done unless you've actually LOOKED HARD at the diff between the previous and the current version, or you have complete insurance that Source Forge is not the main distribution site, and the project could not have been tainted. --uAKRQypu60I7Lcqm-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010530142804.A24422>