xmms website hacked -- Should port be disabled temporarily?

Adam Weinberger adamw at freebsd.org
Tue May 6 12:22:59 PDT 2003

Hash: SHA1

>> (05.06.2003 @ 1213 PST): Adam said, in 0.7K: <<
> http://www.xmms.org has been hacked. 
> Maybe the port should be temporarily disabled to keep people from
> installing tampered sources? I know they'd have to bypass the MD5 check,
> but some people might do that.
> Does FreeBSD have an official policy on this?
>> end of "xmms website hacked -- Should port be disabled temporarily?" from Adam <<

Nuking the port seems severe. If anything, it seems reasonable to just
reduce MASTER_SITES to MASTER_SITE_FREEBSD or just remove the 2 xmms.org
sites from MASTER_SITES.

The MD5 checksums are still the same. Somehow I really doubt that
somebody who would hack xmms.org and put <blink> tags and the word
"dildo" on the front page would also be able to pwn a tarball and keep
the same checksum.

# Adam

- --
Adam Weinberger
vectors.cx	>>	adam at vectors.cx
FreeBSD.org	<<	adamw at FreeBSD.ORG
#vim:set ts=8: 8-char tabs prevent tooth decay.
Version: GnuPG v1.2.1 (FreeBSD)


More information about the freebsd-ports mailing list