On Dec 2, 2010, at 2:55 PM, Rob Farmer wrote: >> Checking, the tarball you now fetch is the one which matches their md5 and >> GnuPG signing from the link above... > > For several hours on Wednesday the distinfo was updated to the > compromised version (it has been reverted), so anyone who updated this > port recently should check their system.
I see-- that's useful information to be aware of. Hopefully port maintainers practice a bit more wariness about distfiles changing unexpectedly; while it's common enough that people re-roll tarballs for whatever reason, it seems like there have been more incidents of reference sites getting owned... Regards, -- -Chuck _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
