On Wed, 8 Aug 2018 12:52:45 -0400 "Perry E. Metzger" <[email protected]> wrote: > On Wed, 8 Aug 2018 11:11:56 -0400 Craig Treleaven > <[email protected]> wrote: > > I ran across an article this morning describing how Homebrew was > > hacked with a few minutes effort: > > > > https://medium.com/@vesirin/how-i-gained-commit-access-to-homebrew-in-30-minutes-2ae314df03ab > > > > See also: https://brew.sh/2018/08/05/security-incident-disclosure/ > > > Has anybody checked to see if we have any similar exposures in the > > MacPorts infrastructure? > > That seems like it would be a good thing to examine.
BTW, in addition to these sorts of infrastructure issues, it might be a good idea if we were more expeditious and systematic about updating ports with known security holes. We might want a security officer role, too. Perry -- Perry E. Metzger [email protected]
