freebsd-update is vulnerable to freeze attacks.
Solution summary: the server-side inclusion of date-stamps, and strict client-side enforcement of expiration policies would mitigate this attack vector.
Over to maintainer.
For bugs that match the following
- Status Is In progress
- Untouched since 2018-01-01.
- Affects Base System OR Documentation
Reset to open status.
I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.
Drop freebsd-update PRs which were assigned to me. I'm not working on this code any more.