On 03/16/2015 12:57, Yuri wrote:
www/npm downloads and installs packages without having signature checking in place. There is the discussion about package security https://github.com/node-forward/discussions/issues/29 , but actual checking isn't currently done.
I added the pkg-message with security advisories about this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198653
Yuri _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
