FreeBSD.org intrusion
I guess this explains why we didn't see FreeBSD 9.1 this week, and why ports weren't updated.
http://www.freebsd.org/news/2012-compromise.html
Maybe relevant for those on KVM hosts running FreeBSD guests.
Comments
Who are...?
A. Nobody
B. Crazy
C. Hipsters
D. Testing/Research/Security
There's a reason you don't use a version newer than freebsd-update supports in a production environment...
I mean, at least when there is an issue, they take it pretty seriously.
PS: the ports were updated, but the svn2csv servers weren't, meaning you could upgrade with svn/csup, but not, say, portsnap.
I'm pretty thankful I still insist on manually compiling all my ports instead of relying on packages.
@Kenshin how would you use ports 'not manually'? I use ports too (as opposed to pkg_*), but not sure what you mean by manually/automagically :P.
Lol, I mean not use pkg_add at all even though it saves a lot of time.
pft, I don't care about saving a few minutes, the binary packages tend to be older, and don't always have the configuration options I want. Plus compiling from ports (some ports can be binary, but most are source builds) tends to be optimized for your system.
Reading over the original notice, it seems that primarily if you were using subversion to keep the port tree up to date for your 3rd party software, and stuck to using freebsd-update for your base/kernel, then you should be unaffected by the intrusion. Course everyone I know tends to use portsnap (it's easy... probably why).
Course it wouldn't be a bad idea to install the port audit software and run that after each port tree update.