git: b88d607c23 - main - Status/2023Q1/freshports.adoc: Add report
Date: Tue, 11 Apr 2023 15:06:58 UTC
The branch main has been updated by salvadore: URL: https://cgit.FreeBSD.org/doc/commit/?id=b88d607c2379254ffccc2922576831e20e8dc61b commit b88d607c2379254ffccc2922576831e20e8dc61b Author: Dan Langille <dvl@FreeBSD.org> AuthorDate: 2023-04-07 18:33:41 +0000 Commit: Lorenzo Salvadore <salvadore@FreeBSD.org> CommitDate: 2023-04-11 15:06:15 +0000 Status/2023Q1/freshports.adoc: Add report Approved by: carlavilla (mentor) Pull Request: https://github.com/freebsd/freebsd-doc/pull/159 --- .../status/report-2023-01-2023-03/freshports.adoc | 48 ++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/website/content/en/status/report-2023-01-2023-03/freshports.adoc b/website/content/en/status/report-2023-01-2023-03/freshports.adoc new file mode 100644 index 0000000000..1ffc32e770 --- /dev/null +++ b/website/content/en/status/report-2023-01-2023-03/freshports.adoc 
@@ -0,0 +1,48 @@ +=== Freshports: SQL Injection Attack and Help Request + +Links: + +link:https://freshports..org[FreshPorts] URL: link:freshports.org[] + +link:https://news.freshports.org/[FreshPorts blog] URL: link:https://news.freshports.org/[] + +Contact: Dan Langille <dvl@FreeBSD.org> + +FreshPorts and FreshSource have reported upon FreeBSD commits for 20 years. They cover all commits, not just ports. + +FreshPorts tracks the commits and extracts data from the port Makefiles to create a database of information useful to both port maintainers and port users. + +For example, link:https://www.freshports.org/security/acme.sh/[] shows the history of the package:security/acme.sh[] port, back to its creation in May 2017. +Also available are dependencies, flavors, configuration options, and available packages. +All of this is useful for both users and developers of ports. + +==== SQL Injection Attack + +In March, an SQL injection attack was noticed and the website was patched. +Notices were sent out via our Twitter account, our status page, and a notice on the top of each page of the website. +The immediate attack vector was shutdown and soon patched. +Additional preventative patches were added across the website. +Everything we know about has been fixed. +Users were notified and advised to change their passwords. + +Details at: + +* link:https://news.freshports.org/2023/03/24/sql-inejection-issues-fixed/[] +* link:https://news.freshports.org/2023/03/24/freshsource-code-fixes/[] + +==== Help Needed + +It has been over 22 years since FreshPorts started. +Others must take over eventually. +I’d like to start that process now. +There are several aspects to FreshPorts: + +* FreeBSD admin (updating the OS and packages) +* front end code (website - mostly PHP) +* back end code (commit processing - Perl, Python, shell) +* database design (PostgreSQL). + +The database does not change very often and requires little maintenance compared to the applications and OS. 
+The website pretty much runs itself. +From time to time, a change to the FreeBSD ports infrastructure breaks something or requires a modification, but there is rarely any urgency to fix that. +This is not a huge time commitment. +There is a lot of learning. +While not a complex application, FreshPorts is also not trivial.
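Review bot: The first entry in the Links block has a malformed hostname, `https://freshports..org` (double dot), and its URL half, `link:freshports.org[]`, has no scheme, so it resolves as a relative link. Both halves should carry the same absolute URL, in the form the blog entry below it uses, for example `link:https://www.freshports.org/[FreshPorts] URL: link:https://www.freshports.org/[]`. Smaller points in the same hunk: the introduction says "for 20 years" while Help Needed says "over 22 years", so one of the two needs adjusting; the heading spells "Freshports" where the body uses "FreshPorts"; "was shutdown" should be "was shut down"; and the first Details link contains "sql-inejection", which should be checked against the published blog URL before merging, since correcting the spelling would break the link if that is the real slug. In the SQL Injection Attack section, a sentence on what the "additional preventative patches" changed would help readers judge the fix, since the text only says they were added.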