[clc-devel] Ports servers security

Martin Opel martin.opel at informatik.fh-regensburg.de
Thu Dec 4 07:57:50 UTC 2003


On Wed, 3 Dec 2003, Logan Ingalls wrote:

> Not that we're as large of a target for hackers, but one of Gentoo's
> central rsync servers was hacked yesterday:
>
>   http://lwn.net/Articles/61229/
>
> I figured this might make a good time to ask: "How secure are
> cvsup.fukt.bth.se and crux.fh-regensburg.de?"

I hope it is a bit more secure than the other machines from gentoo or
debian. I don't want to tell more details on a public mailing list.
Only so much: it is a very minimalistic install and it is firewalled by a
professional product (one of the best IMO).

The good point is, that we only have shell scripts and text-files in our
cvs-repository. If the Pkgfiles would be hacked, we should be able to
detect the changes in cvs. Debian and GNU have large amounts of source
code or even binary packages, what is a immense amount of work to check
IMHO.

Regards
Martin

--
martin opel / fachbereich informatik - fachhochschule regensburg
           / email: martin.opel at informatik.fh-regensburg.de
          / web: http://rfhs8012.fh-regensburg.de/~opel/



More information about the crux-devel mailing list