-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 13 Apr 2004 08:51, Christian BAYLE wrote: > Maybe you should add in your report that gforge is running on tens of > publicly available sites on the internet, gforge was security audited > several times, that alioth.debian.org was not compromized, when Debian > was attacked, and that you didn't provide any exploit. > > Personnally I find that savane and gforge should merge, savannah to > gforge migration will just prove it's possible.
That would be very nice indeed, and I agree with you. Perhaps this can be discussed? I don't know. > Le lun 12/04/2004 � 12:32, Lorenzo Hernandez Garcia-Hierro a �crit : > > Hi, > > I've to tell you about this: > > http://www.tuxedo-es.org/seguridad/GForge-1.xhtml > > Its a security audit almost finished of the latest GForge source. > > I am avalaible for help you about how to fix that issues. > > Please , after you've fixed GForge and released the patchs , i want to > > have permission > > for publish this in some security lists ( FD, bugtraq, wep app sec ) just > > to tell people > > and advice that they need to patch, is it o.k. ? > > Thanks in advance, > > Cheers > > PS: I am resending this message to some people of GNU , AFAIK there was > > an idea of migrating > > from Savannah/Savane to GForge because "Sava was not secure enough" , and > > i looked at your code > > just for know how secure is GForge and it presents AFAIK the same types > > of security problems of Savane. I don't know how the rest of you feel, but I think this should be discussed in private just in case some of this is exploitable. :) Elfyn - -- Elfyn McBratney, EMCB mailto:[EMAIL PROTECTED] http://www.emcb.co.uk/ PGP Key ID: 0x456548B4 PGP Key Fingerprint: 29D5 91BB 8748 7CC9 650F 31FE 6888 0C2A 4565 48B4 "When I say something, I put my name next to it." -- Isaac Jaffee >> ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ << << ~ Linux london 2.6.5-emcb-241 #2 i686 GNU/Linux ~ >> >> ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ << -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAe73taIgMKkVlSLQRAgKVAJ4w20JTmKPrv26otKPqmB/3Q9VzygCgmRlI /ZBpqe+3kmRT1ukdgh155l0= =wV/Y -----END PGP SIGNATURE----- _______________________________________________ Savane-dev mailing list [EMAIL PROTECTED] https://mail.gna.org/listinfo/savane-dev
