[clc-devel] Ports servers security
martin.opel at informatik.fh-regensburg.de
Thu Dec 4 07:57:50 UTC 2003
On Wed, 3 Dec 2003, Logan Ingalls wrote:
> Not that we're as large of a target for hackers, but one of Gentoo's
> central rsync servers was hacked yesterday:
> I figured this might make a good time to ask: "How secure are
> cvsup.fukt.bth.se and crux.fh-regensburg.de?"
I hope it is a bit more secure than the other machines from gentoo or
debian. I don't want to tell more details on a public mailing list.
Only so much: it is a very minimalistic install and it is firewalled by a
professional product (one of the best IMO).
The good point is, that we only have shell scripts and text-files in our
cvs-repository. If the Pkgfiles would be hacked, we should be able to
detect the changes in cvs. Debian and GNU have large amounts of source
code or even binary packages, what is a immense amount of work to check
martin opel / fachbereich informatik - fachhochschule regensburg
/ email: martin.opel at informatik.fh-regensburg.de
/ web: http://rfhs8012.fh-regensburg.de/~opel/
More information about the crux-devel