[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Security Breach Alert - CVS Home File Download Area Compromised

From: Conrad T. Pino
Subject: RE: Security Breach Alert - CVS Home File Download Area Compromised
Date: Wed, 26 Jan 2005 15:12:35 -0800

Hash: SHA1

Hi Mark,

> From: Mark D. Baushke
> When I got to the cvs-1.11.18-Darwin-7.7.0-powerpc.gz.sig link using
> 'w3m' (a text-based browser) it seems to have the wrong Content-Encoding
> (of 'gzip') for the .sig files in the macosx directory.
> This is likely what is confusing a number of browsers out there. I am
> not sure of the right way to tell the CollabNet servlets to fix the
> problem.

See prior message regarding Java servlet redirecting to file URL delivered
by Apache 2.0.47 server.

> Folks should be able to use tools like 'wget' and 'curl' to fetch files
> given the URLs.

Folks with tools like the above don't need binary files.  Such folks I
expect can compile the source for themselves.

> It may also be possible to tell your browser to NOT try
> to do any decoding of the file on the fly, but I am not sure how easy
> that is for things like IE.

I've been doing "right click" using "Save Target As..." option which
works correctly with "*.gz" files from Apache Jakarta where I tried
downloading Tomcat 4.1.31 with no problem.

Don't forget "*.tar.gz.sig", "*.tar.bz2.sig" and "*.zip.sig" files work
on CVS Home.  Can you check the difference between them & "*.gz.sig"?

Here's what Microsoft said about IE and MIME types:

>       -- Mark


Version: PGP 7.0.4


reply via email to

[Prev in Thread] Current Thread [Next in Thread]