Probably mere coincidence, but GitHub has disclosed a security
vulnerability of their service, which was exploited to target Rails
developers and unnamed others:
https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation
Neil Van Dyke wrote at 03/08/2012 06:32 PM:
Robby Findler wrote at 03/08/2012 05:45 PM:
Looks like something is trying to ssh while building the docs?
Can whoever figures this out let the list know, or email me
privately? Thanks.
If it turns out that a use of SSH made it into a *released* version of
Racket source, I might have to take a look at it, regardless of how
legitimate it is.
(Looks like something is trying to SSH, and "localhost"'s fingerprint
disagrees with user's SSH "known_hosts". So might have been going on
for a while, quietly, and only noticed now because of the unusual
situation of the fingerprint being different. And noticed because
someone was paying attention to the "raco setup" logs (if that indeed
"raco setup" process was the source, rather than some other process
that just had a handle for the stdio/terminal). I don't "grep" an
obvious use of SSH in the 5.2.1 sources I'm using right now.)
--
http://www.neilvandyke.org/
_________________________
Racket Developers list:
http://lists.racket-lang.org/dev
