Portsnap necessary? CVSup insecure?
Kris Kennaway
kris at FreeBSD.org
Wed Mar 16 16:59:28 PST 2005
On Wed, Mar 16, 2005 at 06:49:05PM -0500, Danny wrote:
> On Wed, 16 Mar 2005 23:35:56 +0000, Kris Kennaway <kris at freebsd.org> wrote:
> > On Wed, Mar 16, 2005 at 06:06:07PM -0500, Danny wrote:
> > > With regards to: http://www.daemonology.net/portsnap/
> > >
> > > Should I be concerned about my servers that use CVSup? Do the FreeBSD
> > > guru's refuse to use CVSup, or is this overkill?
> >
> > Depends on your threat model, i.e. what are you afraid of?
>
> I will respond to your question with a question to hopefully answer
> both of our questions. :)
>
> When is the last time a FreeBSD CVSup server was compromised - if ever?
I don't know that it's ever happened.
I don't know that that's really the threat model you should care about
anyway, since someone could compromise the master portsnap server as
well, just not any mirrors (but these are currently nonexistent
anyway, afaik).
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe at alum.mit.edu>
More information about the freebsd-questions
mailing list