Homebrew hacked
Perry E. Metzger
perry at piermont.com
Wed Aug 8 16:56:24 UTC 2018
On Wed, 8 Aug 2018 12:52:45 -0400 "Perry E. Metzger"
<perry at piermont.com> wrote:
> On Wed, 8 Aug 2018 11:11:56 -0400 Craig Treleaven
> <ctreleaven at macports.org> wrote:
> > I ran across an article this morning describing how Homebrew was
> > hacked with a few minutes effort:
> >
> > https://medium.com/@vesirin/how-i-gained-commit-access-to-homebrew-in-30-minutes-2ae314df03ab
>
> See also: https://brew.sh/2018/08/05/security-incident-disclosure/
>
> > Has anybody checked to see if we have any similar exposures in the
> > MacPorts infrastructure?
>
> That seems like it would be a good thing to examine.
BTW, in addition to these sorts of infrastructure issues, it might be
a good idea if we were more expeditious and systematic about updating
ports with known security holes. We might want a security officer
role, too.
Perry
--
Perry E. Metzger perry at piermont.com
More information about the macports-dev
mailing list