[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: What shall we do to verify the CVS diffs for emacs?
|
From: |
Richard Stallman |
|
Subject: |
Re: What shall we do to verify the CVS diffs for emacs? |
|
Date: |
Sat, 17 Jan 2004 07:54:03 -0500 |
Naturally, any bogus checkins to CVS would have been mirrored in the arch
branch as well, but perhaps it might serve as check against retro-active
modification of the CVS files on savannah.
This could be very useful. If you can verify that the check-ins
recorded in CVS with dates before the crack occurred are the same as
you put in your arch archive, that would be enough to show they are
ok. That might do more than half the job right there.
I think it is unlikely the cracker found your mirror.
In addition, the archive has been
mirrored on a non-GNU host since 1-sept (and arch mirrors are essentially
append-only); however there's still a (small) avenue for compromise, even
with the mirror, as I have an ssh key for it stored on fencepost.
Do you have backups for the mirror? If so, you could check
the mirror against its backups to verify that things were not
altered subsequently.
- Re: What shall we do to verify the CVS diffs for emacs?, (continued)
Re: What shall we do to verify the CVS diffs for emacs?, Richard Stallman, 2004/01/15