[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security Breach Alert - CVS Home File Download Area Compromised

From: Conrad T. Pino
Subject: Security Breach Alert - CVS Home File Download Area Compromised
Date: Mon, 24 Jan 2005 13:45:07 -0800

Hash: SHA1

Hello All,

It's been brought to my attention the "*.sig" files in the Max OS X
can't be downloaded as they appear to have zero file size.  I have
confirmed this report and have confirmed the issue in the Solaris
i386 area as well.

On further investigation of a limited sample set, every file I have
sampled now downloads with a substantially larger size than the size
on the download page and larger than the size of the reference copy I

Although my sample size is quite small the error rate is 100% which
I believe is sufficient cause to raise an alarm.

Until such time as the state of www.cvshome.org can be determined, I
recommend the CVS community refrain from downloading files or do so
with extreme caution.

I would appreciate all binary maintainers please sample their uploads
and report deviations to Brian Noble of Collab Net who is copied in
this message.

I would appreciate someone stepping forward to assume responsibility
for coordinating an investigation into this issue.

Best regards,

Conrad T. Pino
(510) 848-3929

Version: PGP 7.0.4


reply via email to

[Prev in Thread] Current Thread [Next in Thread]