For all you CVS users and admins out there. This just came across the CVS mailing list today. Alan -------- Original Message -------- Subject: Security Breach Alert - CVS Home File Download Area Compromised Date: Mon, 24 Jan 2005 13:45:07 -0800 From: Conrad T. Pino To: , "Bug CVS" , "Info CVS" CC: Brian Noble -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello All, It's been brought to my attention the "*.sig" files in the Max OS X can't be downloaded as they appear to have zero file size. I have confirmed this report and have confirmed the issue in the Solaris i386 area as well. On further investigation of a limited sample set, every file I have sampled now downloads with a substantially larger size than the size on the download page and larger than the size of the reference copy I maintain. Although my sample size is quite small the error rate is 100% which I believe is sufficient cause to raise an alarm. Until such time as the state of www.cvshome.org can be determined, I recommend the CVS community refrain from downloading files or do so with extreme caution. I would appreciate all binary maintainers please sample their uploads and report deviations to Brian Noble of Collab Net who is copied in this message. I would appreciate someone stepping forward to assume responsibility for coordinating an investigation into this issue. Best regards, Conrad T. Pino (510) 848-3929 -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBQfVsYrNM28ubzTo9EQLDaACdF+j1YPDchv5Lz4iDI9yptoQq11kAn3C0 +oEtYdKUiPrwpZFqGWc74kaH =MUnr -----END PGP SIGNATURE----- _______________________________________________ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss