xmms website hacked -- Should port be disabled temporarily?
Adam Weinberger
adamw at freebsd.org
Tue May 6 12:22:59 PDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>> (05.06.2003 @ 1213 PST): Adam said, in 0.7K: <<
> http://www.xmms.org has been hacked.
>
> Maybe the port should be temporarily disabled to keep people from
> installing tampered sources? I know they'd have to bypass the MD5 check,
> but some people might do that.
>
> Does FreeBSD have an official policy on this?
>> end of "xmms website hacked -- Should port be disabled temporarily?" from Adam <<
Nuking the port seems severe. If anything, it seems reasonable to just
reduce MASTER_SITES to MASTER_SITE_FREEBSD or just remove the 2 xmms.org
sites from MASTER_SITES.
The MD5 checksums are still the same. Somehow I really doubt that
somebody who would hack xmms.org and put <blink> tags and the word
"dildo" on the front page would also be able to pwn a tarball and keep
the same checksum.
# Adam
- --
Adam Weinberger
vectors.cx >> adam at vectors.cx
FreeBSD.org << adamw at FreeBSD.ORG
#vim:set ts=8: 8-char tabs prevent tooth decay.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE+uAvbo8KM2ULHQ/0RAmAnAKCYUAuMx7xrAfTC92V9pawnUenLkgCdHR1/
U6BotnpR3umWX77wE2nOOG4=
=i9Xd
-----END PGP SIGNATURE-----
More information about the freebsd-ports
mailing list