Homebrew hacked

Perry E. Metzger perry at piermont.com
Wed Aug 8 16:56:24 UTC 2018

On Wed, 8 Aug 2018 12:52:45 -0400 "Perry E. Metzger"
<perry at piermont.com> wrote:
> On Wed, 8 Aug 2018 11:11:56 -0400 Craig Treleaven
> <ctreleaven at macports.org> wrote:
> > I ran across an article this morning describing how Homebrew was
> > hacked with a few minutes effort:
> > 
> > https://medium.com/@vesirin/how-i-gained-commit-access-to-homebrew-in-30-minutes-2ae314df03ab  
> See also: https://brew.sh/2018/08/05/security-incident-disclosure/
> > Has anybody checked to see if we have any similar exposures in the
> > MacPorts infrastructure?  
> That seems like it would be a good thing to examine.

BTW, in addition to these sorts of infrastructure issues, it might be
a good idea if we were more expeditious and systematic about updating
ports with known security holes. We might want a security officer
role, too.

Perry E. Metzger		perry at piermont.com

More information about the macports-dev mailing list