For all you CVS users and admins out there. This just came across the CVS
mailing list today.
Alan
-------- Original Message --------
Subject: Security Breach Alert - CVS Home File Download Area Compromised
Date: Mon, 24 Jan 2005 13:45:07 -0800
From: Conrad T. Pino <
Conrad@Pino.com>
To: <
announce-binaries@ccvs.cvshome.org>, "Bug CVS" <
bug-cvs@gnu.org>,
"Info CVS" <
info-cvs@gnu.org>
CC: Brian Noble <
BNoble@Collab.Net>
Hello All,
It's been brought to my attention the "*.sig" files in the Max OS X
can't be downloaded as they appear to have zero file size. I have
confirmed this report and have confirmed the issue in the Solaris
i386 area as well.
On further investigation of a limited sample set, every file I have
sampled now downloads with a substantially larger size than the size on
the download page and larger than the size of the reference copy I
maintain.
Although my sample size is quite small the error rate is 100% which I
believe is sufficient cause to raise an alarm.
Until such time as the state of
www.cvshome.org can be determined, I
recommend the CVS community refrain from downloading files or do so with
extreme caution.
I would appreciate all binary maintainers please sample their uploads
and report deviations to Brian Noble of Collab Net who is copied in this
message.
I would appreciate someone stepping forward to assume responsibility for
coordinating an investigation into this issue.
Best regards,
Conrad T. Pino
(510) 848-3929
_______________________________________________
Info-cvs mailing list
Info-cvs@gnu.org
http://lists.gnu.org/mailman/listinfo/info-cvs
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)