Am 20.11.2012 13:47, schrieb John Bayly: > On 20/11/12 12:15, Gary Palmer wrote: >> On Tue, Nov 20, 2012 at 10:49:13AM +0000, John Bayly wrote: >>> Regarding the 2012 compromise, I'm a little confused as to what was and >>> wasn't affected: >>> >>> >From the release: >>>> or of any ports compiled from trees obtained via any means other than >>>> through svn.freebsd.org or one of its mirrors >>> Does that mean that any ports updated using the standard "portsnap >>> fetch" may have been affected, I'm guessing yes. >>> >> " We have also verified that the most recently-available portsnap(8) snapshot matches the ports Subversion repository, and so can be fully trusted." > I suppose that implies that the previous portsnap snapshots couldn't be > [completely] trusted. Basically I wanted to know whether I had to go > through all the ports I've updated from the snapshots within the given > time frame and to a portupgrade --force on them. In the end I decided > yes (luckily it's only on a single box)[email protected]" So what ist the way to get a 'secure' portscollection? first update with 'portsnap -f /etc/portsnap.conf fetch update ' and then 'portupgrade -caDf' -- Dipl.Ing.Bader Richard GmbH, Helferichstrasse 32, 80999 Muenchen Tel.: +49 89 892205 31 Fax.: +49 89 892205 33 http://www.bader-muenchen.de _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"