Add an update for November 18th, 2012.
Change some headers so that updates are easier to see. Fix a case issue (ports -> Ports). Approved by: core, bcr (mentor, implicit)
This commit is contained in:
Gavin Atkinson
parent
401bb56d52
commit
a0e39e31fb
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=40088
1 changed files with 36 additions and 3 deletions
|
|
@ -62,7 +62,8 @@
|
|||
|
||||
<ul>
|
||||
<li><a href="#announce">Announcement</a></li>
|
||||
<li><a href="#details">Initial Details</a></li>
|
||||
<li><a href="#update20121118">Update: 18th November 2012</a></li>
|
||||
<li><a href="#details">Initial Details: 17th November 2012</a></li>
|
||||
<li><a href="#impact">What is the Impact?</a></li>
|
||||
<li><a href="#done">What has FreeBSD.org done about this?</a></li>
|
||||
<li><a href="#recommend">Recommendations</a></li>
|
||||
|
|
@ -70,7 +71,39 @@
|
|||
|
||||
<p>More details will be added here as they become available.</p>
|
||||
|
||||
<h2><a name="details">Initial details</a></h2>
|
||||
<h1><a name="update20121118">Update: November 18th, 2012</a></h1>
|
||||
|
||||
<p>Newer portsnap(8) snapshots are once again available. The
|
||||
generation of these had been suspended as part of the infrastructure
|
||||
lockdown, however all machines involved have either been audited or
|
||||
reinstalled and so we are now confident that these can be made
|
||||
available once more.</p>
|
||||
|
||||
<p>The Subversion to CVS exporter is now up and running again.
|
||||
Updates made to the Subversion repository will once again appear in
|
||||
repositories available via csup/CVSup. Please note that the use of
|
||||
these exports are still deprecated, and users are urged to move to
|
||||
one of the supported methods (for example, freebsd-update(8),
|
||||
portsnap(8), or Subversion) in order to obtain updates. Note also
|
||||
that we are still currently unable to guarantee the integrity of
|
||||
past history within the CVS repository, but are confident in the
|
||||
integrity of checkouts from the top-of-tree of each branch.</p>
|
||||
|
||||
<p>Please note that due to infrastructure changes, the first update
|
||||
through either portsnap(8) or csup(1) is likely to show changes to
|
||||
a large number of files. This is nothing to worry about.</p>
|
||||
|
||||
<p>As mentioned in the original announcement, a package set uploaded in
|
||||
preparation for the upcoming FreeBSD 9.1-RELEASE could not be verified,
|
||||
and so was removed. In order to allow system integrators and end
|
||||
users to verify that packages they may have downloaded are not from
|
||||
this set, we have provided files containing both
|
||||
<a href="/news/2012-compromise/sha256.sums.20121118.txt">sha256</a> and
|
||||
<a href="/news/2012-compromise/md5.sums.20121118.txt">md5</a> checksums
|
||||
for all removed packages.</p>
|
||||
|
||||
<h1><a name="details">November 17th, 2012</a></h1>
|
||||
<h2>Initial details</h2>
|
||||
|
||||
<p>On Sunday 11th November 2012, two machines within the FreeBSD.org
|
||||
infrastructure were found to have been compromised. These machines
|
||||
|
|
@ -177,7 +210,7 @@
|
|||
<li>If you use the already-deprecated cvsup/csup distribution
|
||||
mechanisms, you should stop now.</li>
|
||||
<li>If you were using cvsup/csup for ports, you should switch to
|
||||
portsnap(8) right away. ports developers should be using
|
||||
portsnap(8) right away. Ports developers should be using
|
||||
Subversion already. Further information on preferred mechanisms
|
||||
for obtaining and updating the ports tree can be found at
|
||||
<a href="/doc/handbook/ports-using.html">
|
||||
|
|
|
|||
Loading…
Reference in a new issue