John Bayly
2012-Nov-20 10:49 UTC
Clarrification on whether portsnap was affected by the 2012 compromise
Regarding the 2012 compromise, I'm a little confused as to what was and wasn't affected:>From the release: > or of any ports compiled from trees obtained via any means other than > through svn.freebsd.org or one of its mirrorsDoes that mean that any ports updated using the standard "portsnap fetch" may have been affected, I'm guessing yes. Many thanks, John
Gary Palmer
2012-Nov-20 12:15 UTC
Clarrification on whether portsnap was affected by the 2012 compromise
On Tue, Nov 20, 2012 at 10:49:13AM +0000, John Bayly wrote:> Regarding the 2012 compromise, I'm a little confused as to what was and > wasn't affected: > > >From the release: > > or of any ports compiled from trees obtained via any means other than > > through svn.freebsd.org or one of its mirrors > Does that mean that any ports updated using the standard "portsnap > fetch" may have been affected, I'm guessing yes. >" We have also verified that the most recently-available portsnap(8) snapshot matches the ports Subversion repository, and so can be fully trusted. "