[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security Breach Alert - CVS Home File Download Area Compromised
From: |
Mark D. Baushke |
Subject: |
Re: Security Breach Alert - CVS Home File Download Area Compromised |
Date: |
Wed, 26 Jan 2005 14:20:48 -0800 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Would it be useful to consider creating ascii-armoured detached
signatures?
gpg -a --detach-sign <filename>.gz
should create a <filename>.gz.asc which may not have the same problems
as a binary <filename>.gz.sig file.
For what it is worth, here is what I got with regard to signature
verification using firefox on my gentoo GNU/Linux box.
I had no problems downloading the windows binaries:
https://ccvs.cvshome.org/files/documents/19/623/cvs-1-12-11.zip
or
https://ccvs.cvshome.org/files/documents/19/622/cvs-1-12-11.zip.sig
using firefox. Using gpg on the .sig file:
% gpg cvs-1-12-11.zip.sig
gpg: Signature made Tue Dec 14 12:42:58 2004 PST using DSA key ID 9BCD3A3D
gpg: Good signature from "Conrad T. Pino <Conrad@Pino.com>"
%
shows that the signature verified.
For the macosx binaries, I needed to tell firefox to 'Save As' to get the
https://ccvs.cvshome.org/files/documents/19/681/cvs-1.12.11-Darwin-7.7.0-powerpc.gz
file downloaded. It seems that I was forced to use wget or curl to fetch
a copy of the .sig file:
https://ccvs.cvshome.org/files/documents/19/682/cvs-1.12.11-Darwin-7.7.0-powerpc.gz.sig
doing so verified with no problems:
% gpg cvs-1.12.11-Darwin-7.7.0-powerpc.gz.sig
gpg: Signature made Mon Jan 17 11:55:38 2005 PST using DSA key ID 9BCD3A3D
gpg: Good signature from "Conrad T. Pino <Conrad@Pino.com>"
%
I am wondering if the problem is with the CollabNet
servlets/ProjectDocumentView JSP program not sending a reasonable
Content-Type for the document pages in question.
Later,
-- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQFB+BfA3x41pRYZE/gRAgKDAKCBq+X4EZmoi8qWcrDNe1hVbdyaFACeMOgJ
8PKJHN03GS47EgEdoOJlE/Q=
=R9Lj
-----END PGP SIGNATURE-----
- Re: Security Breach Alert - CVS Home File Download Area Compromised, (continued)
- Re: Security Breach Alert - CVS Home File Download Area Compromised, Larry Jones, 2005/01/25
- RE: Security Breach Alert - CVS Home File Download Area Compromised, Conrad T. Pino, 2005/01/26
- RE: Security Breach Alert - CVS Home File Download Area Compromised, Bernd Petrovitsch, 2005/01/26
- RE: Security Breach Alert - CVS Home File Download Area Compromised, Conrad T. Pino, 2005/01/26
- Re: Security Breach Alert - CVS Home File Download Area Compromised, Derek Price, 2005/01/26
- RE: Security Breach Alert - CVS Home File Download Area Compromised, Conrad T. Pino, 2005/01/26
- RE: Security Breach Alert - CVS Home File Download Area Compromised, Conrad T. Pino, 2005/01/26
- Re: Security Breach Alert - CVS Home File Download Area Compromised, Arno Schuring, 2005/01/26
- Re: Security Breach Alert - CVS Home File Download Area Compromised, Todd Denniston, 2005/01/26
- RE: Security Breach Alert - CVS Home File Download Area Compromised, Conrad T. Pino, 2005/01/26
- Re: Security Breach Alert - CVS Home File Download Area Compromised,
Mark D. Baushke <=
- Re: Security Breach Alert - CVS Home File Download Area Compromised, Mark D. Baushke, 2005/01/26
- RE: Security Breach Alert - CVS Home File Download Area Compromised, Conrad T. Pino, 2005/01/26
- Re: Security Breach Alert - CVS Home File Download Area Compromised, Larry Jones, 2005/01/26
- RE: Security Breach Alert - CVS Home File Download Area Compromised, Conrad T. Pino, 2005/01/26
RE: Security Breach Alert - CVS Home File Download Area Compromised, Conrad T. Pino, 2005/01/26
RE: Security Breach Alert - CVS Home File Download Area Compromised, Conrad T. Pino, 2005/01/28