savannah-hackers



From: Sylvain Beucler
Subject: address@hidden: [gnu.org #209003] Re: [Savannah-hackers] Outdated file location for AUCTeX?]
Date: Tue, 31 Aug 2004 21:40:14 +0200
User-agent: Mutt/1.4.2.1i

Yet another mail w/o sv-hackers in cc...

----- Forwarded message from James Blair via RT <address@hidden> -----

Envelope-to: address@hidden
Delivery-date: Mon, 30 Aug 2004 18:24:56 -0400
Subject: [gnu.org #209003] Re: [Savannah-hackers] Outdated file location for 
AUCTeX? 
From: "James Blair via RT" <address@hidden>
Reply-To: address@hidden
In-Reply-To: <address@hidden>
Precedence: bulk
X-RT-Loop-Prevention: gnu.org
RT-Ticket: gnu.org #209003
Managed-by: RT 3.0.8 (http://www.bestpractical.com/rt/)
RT-Originator: address@hidden
To: address@hidden,address@hidden
X-RT-Original-Encoding: utf-8
Date: Mon, 30 Aug 2004 18:25:23 -0400

> address@hidden - Tue Aug 24 04:51:12 2004]:
> 
> Hello,
> 
> http://ftp.gnu.org/savannah/files/ contains files that were available
> before the crack, and may be compromised. I think they were moved
> there in case a project administrator needed them, before we delete
> them definitely.
> 
> I think it is a good time to do so right now.
> 
> People at ftp.gnu.org (in Cc) should be able to make a symlink to the
> official location then, but I think it would be cleaner if we could
> remove the outdated directory definitively.
> 
> What do you all think?

Sorry for the delay, I wanted to have a conversation with Bradley Kuhn
about this before I responded.

It is disturbing that this directory is being mirrored.  The last thing
we want to do is distribute possibly compromised code.  We should indeed
pull it ASAP.  How about this proposal:

1) Move contents of ftp.gnu.org/savannah out of the way
2) Make them available to people by email request
3) Replace with a README that explains:
   a) about the compromise
   b) what resources are available to developers that would like to
      audit their code
   c) whom to contact by email to get those resources
   d) whom to contact by email to report results of an audit
4) Possibly include a list of packages and their audit status?

I don't think we've received an audit report in a very long time, so I
don't expect that we'll actually get many (if any) requests.  Would
savannah-hackers be interested in storing these resources on the
Savannah server (in a non-public-accessible location) and being the
point of contact for requests?

-Jim


----- End forwarded message -----

-- 
Sylvain



