kraduk at gmail.com
Wed Mar 16 12:27:11 UTC 2016
That was my understanding of it, and the worry was the package builds could
have been compromised. Therefore everything was rebuilt from scratch after
an audit had happened.
On 16 March 2016 at 11:23, dweimer <dweimer at dweimer.net> wrote:
> On 2016-03-16 12:20 am, Doug Hardie wrote:
>> On 15 March 2016, at 21:11, Warren Block <wblock at wonkity.com> wrote:
>>> On Wed, 9 Mar 2016, Doug Hardie wrote:
>>> I recently saw a comment in one of the maillists that 11.0 was likely to
>>>> have the new packetized base feature. That tells me that 11.0 is most
>>>> likely to be dicey to work with. I am reminded when the new pkg system
>>>> came out and the supporting servers were compromised.
>>> To the best of my knowledge, there was no relation between pkg and any
>> There was a period where the regular pkg servers were not available
>> because they had to be rebuilt. I don't recall the dates. It was not
>> pkg_ng, but the first major revision to pkg after that.
> It wasn't because of the pkg / pkg_ng update though, if memory servers me
> correct a committer's username/password was comprised. It was just a
> coincidence that it happened around the same time update, but wasn't
> related to it.
> Dean E. Weimer
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions