Re: What shall we do to verify the CVS diffs for emacs?

From: Richard Stallman
Subject: Re: What shall we do to verify the CVS diffs for emacs?
Date: Sat, 17 Jan 2004 07:54:03 -0500

    Naturally, any bogus checkins to CVS would have been mirrored in the arch
    branch as well, but perhaps it might serve as a check against retro-active
    modification of the CVS files on savannah.

This could be very useful.  If you can verify that the check-ins
recorded in CVS with dates before the crack occurred are the same as
you put in your arch archive, that would be enough to show they are
ok.  That might do more than half the job right there.

I think it is unlikely the cracker found your mirror.

      In addition, the archive has been
    mirrored on a non-GNU host since 1-sept (and arch mirrors are essentially
    append-only); however there's still a (small) avenue for compromise, even
    with the mirror, as I have an ssh key for it stored on fencepost.

Do you have backups for the mirror?  If so, you could check
the mirror against its backups to verify that things were not
altered subsequently.
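
The mirror-against-backup check suggested above, as an added example that is not part of the original message: since an arch mirror is essentially append-only, every file present in the older backup should still be in the mirror with identical content, and only additions are expected. The directory layout, file names and the `verify_append_only` helper are assumptions made for illustration, and the sample trees are constructed.

```python
import hashlib
import os
import tempfile

def tree_digests(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root)] = h.hexdigest()
    return digests

def verify_append_only(backup_root, mirror_root):
    """Compare a mirror with an older backup of the same mirror.

    Returns (altered, missing, added). For an append-only archive,
    anything in 'altered' or 'missing' needs investigation; 'added'
    is what accumulated after the backup was taken.
    """
    old, new = tree_digests(backup_root), tree_digests(mirror_root)
    altered = sorted(p for p in old if p in new and old[p] != new[p])
    missing = sorted(p for p in old if p not in new)
    added = sorted(p for p in new if p not in old)
    return altered, missing, added

def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Build constructed backup/mirror trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, mirror = os.path.join(tmp, "backup"), os.path.join(tmp, "mirror")
        for root in (backup, mirror):
            _write(root, os.path.join("patch-1", "log"), b"initial import\n")
            _write(root, os.path.join("patch-2", "log"), b"fix typo\n")
        # Changed after the backup was taken: violates append-only.
        _write(mirror, os.path.join("patch-2", "log"), b"fix typo; extra change\n")
        # New revision appended after the backup: expected.
        _write(mirror, os.path.join("patch-3", "log"), b"new revision\n")
        return verify_append_only(backup, mirror)

if __name__ == "__main__":
    print(demo())
```

The result is only as trustworthy as the backup itself, so the backup has to be one that could not be reached with the credentials stored on the compromised host.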

