info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security Breach Alert - CVS Home File Download Area Compromised


From: Conrad T. Pino
Subject: Security Breach Alert - CVS Home File Download Area Compromised
Date: Mon, 24 Jan 2005 13:45:07 -0800

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello All,

It's been brought to my attention the "*.sig" files in the Max OS X
can't be downloaded as they appear to have zero file size.  I have
confirmed this report and have confirmed the issue in the Solaris
i386 area as well.

On further investigation of a limited sample set, every file I have
sampled now downloads with a substantially larger size than the size
on the download page and larger than the size of the reference copy I
maintain.

Although my sample size is quite small the error rate is 100% which
I believe is sufficient cause to raise an alarm.

Until such time as the state of www.cvshome.org can be determined, I
recommend the CVS community refrain from downloading files or do so
with extreme caution.

I would appreciate all binary maintainers please sample their uploads
and report deviations to Brian Noble of Collab Net who is copied in
this message.

I would appreciate someone stepping forward to assume responsibility
for coordinating an investigation into this issue.

Best regards,

Conrad T. Pino
(510) 848-3929

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBQfVsYrNM28ubzTo9EQLDaACdF+j1YPDchv5Lz4iDI9yptoQq11kAn3C0
+oEtYdKUiPrwpZFqGWc74kaH
=MUnr
-----END PGP SIGNATURE-----





reply via email to

[Prev in Thread] Current Thread [Next in Thread]