[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: What shall we do to verify the CVS diffs for emacs?
|
From: |
Miles Bader |
|
Subject: |
Re: What shall we do to verify the CVS diffs for emacs? |
|
Date: |
Fri, 16 Jan 2004 18:04:49 -0500 |
|
User-agent: |
Mutt/1.3.28i |
On Fri, Jan 16, 2004 at 02:54:20PM -0500, Richard Stallman wrote:
> Then send me a list of the files you want to verify (C code or Lisp),
> or just request a list of files to check (and I'll chose some files
> for you).
>
> My idea was that we would ask the various contributors to check the
> changes they installed. It doesn't have to be done that way; we
> can try it this way too.
I don't know whether it's useful, but I've been tracking the emacs CVS
sources with my arch branch since before the break-in.
Naturally, any bogus checkins to CVS would have been mirrored in the arch
branch as well, but perhaps it might serve as check against retro-active
modification of the CVS files on savannah.
The intruder could have _also_ modified the arch archive to match[*] -- they
are now gpg-signed, but unfortunately were not at the time of the incident --
but that seems a fair bit less likely. In addition, the archive has been
mirrored on a non-GNU host since 1-sept (and arch mirrors are essentially
append-only); however there's still a (small) avenue for compromise, even
with the mirror, as I have an ssh key for it stored on fencepost.
[*] stored on fencepost, in my home dir
-Miles
--
Love is a snowmobile racing across the tundra. Suddenly it flips over,
pinning you underneath. At night the ice weasels come. --Nietzsche
Re: What shall we do to verify the CVS diffs for emacs?, Richard Stallman, 2004/01/15