Subject: pkg/6374: Our sirc IRC client includes a script to launch a DOS attack. This is _not_ proper.
To: None <email@example.com>
From: None <firstname.lastname@example.org>
Date: 10/29/1998 15:02:19
>Synopsis: Our sirc IRC client includes a script to launch a DOS attack. This is _not_ proper.
>Responsible: gnats-admin (GNATS administrator)
>Arrival-Date: Thu Oct 29 12:20:00 1998
>Originator: Jim Wise
>Release: pkgsrc downloaded 1998-10-29
System: NetBSD nevrast.unicast.com 1.3.2 NetBSD 1.3.2 (NEVRAST) #1: Fri Jul 10 09:43:10 PDT 1998 email@example.com:/usr/src/sys/arch/i386/compile/NEVRAST i386
I do not use IRC, and wouldn't have noticed this except that I blew out my distfiles
and did a re- `make fetch'. To my surprise, and consternation, I noticed that our
sirc package downloads an add-on by the name of `winnuke.pl', which turns out to be
exactly what it sounds like -- a script-kiddy DoS attacker.
Am I actually to understand that we are distributing DoS software in NetBSD's package
system? Not software like sniffit which might be misused, but actual DoS software?
Sorry if I sound annoyed, but this is kind of big...
cd /usr/pkgsrc ; make sync ; cd ../../distfiles/sirc ; more winnuke.pl
Remove the `winnuke.pl' from script from pkgsrc/net/sirc/Makefile, and the
`lib/sirc/scripts/winnuke.pl' line from pkgsrc/net/sirc/pkg/PLIST. Please...