So far there's no evidence that any distfiles were compromised. For
files in the ports collection, they would have been caught by the md5
checksum.



I wouldn't be so sure, the guy was harvesting passwords.
Although I don't know the details of the commit procedure he would surely be able to fiddle with any commits which are, by definition, going to have different checksums.


but I'm guessing. In the face of no facts it is the only choice I have.



_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to