savannah-hackers

Re: [gnu.org #209003] Re: [Savannah-hackers] Outdated file location for


From: Sylvain Beucler
Subject: Re: [gnu.org #209003] Re: [Savannah-hackers] Outdated file location for AUCTeX?
Date: Tue, 31 Aug 2004 21:43:51 +0200
User-agent: Mutt/1.4.2.1i

Also, *please* keep people in Cc when you use RT. I almost always have
to manually forward messages sent by RT to the mailing-list that was
in Cc of the original request (be the sender you, licensing, or
others). Above all, the Savannah hackers cannot be kept in sync if
they are not all notified of issues through savannah-hackers (or
sv-root for security issues), so this can be quite inconvenient.

Thanks,

-- 
Sylvain


On Mon, Aug 30, 2004 at 06:25:23PM -0400, James Blair via RT wrote:
> > address@hidden - Tue Aug 24 04:51:12 2004]:
> > 
> > Hello,
> > 
> > http://ftp.gnu.org/savannah/files/ contains files that were available
> > before the crack, and may be compromised. I think they were moved
> > there in case a project administrator needed them, before we delete
> > them definitely.
> > 
> > I think it is a good time to do so right now.
> > 
> > People at ftp.gnu.org (in Cc) should be able to make a symlink to the
> > official location then, but I think it would be cleaner if we could
> > remove the outdated directory definitively.
> > 
> > What do you all think?
> 
> Sorry for the delay, I wanted to have a conversation with Bradley Kuhn
> about this before I responded.
> 
> It is disturbing that this directory is being mirrored.  The last thing
> we want to do is distribute possibly compromised code.  We should indeed
> pull it ASAP.  How about this proposal:
> 
> 1) Move contents of ftp.gnu.org/savannah out of the way
> 2) Make them available to people by email request
> 3) Replace with a README that explains:
>    a) about the compromise
>    b) what resources are available to developers that would like to
>       audit their code
>    c) whom to contact by email to get those resources
>    d) whom to contact by email to report results of an audit
> 4) Possibly include a list of packages and their audit status?
> 
> I don't think we've received an audit report in a very long time, so I
> don't expect that we'll actually get many (if any) requests.  Would
> savannah-hackers be interested in storing these resources on the
> Savannah server (in a non-public-accessible location) and being the
> point of contact for requests?
> 
> -Jim
> 

-- 
Sylvain



