Hi Mathieu: : Someone brought to my attention the page <http://www.osvdb.org/7457> : : This page is title "Savane .#passwd File Password Disclosure" and was : published "Dec 11, 2001". : In the section product appears my name. : : The very first release of the software Savane has been made in 2004. And : I'm was myself implicated in the project Savannah (not a software : project, but a development platform) only since february 2002 (and my : name is not a product name). : : Since this report is about unreleased Software, mention issues the : Savane does not even deal about for a second (.#passwd, pserver password : file? Can anyone point of any part of the code that would specifically : deal with such file? I doubt it.), please update or remove this flawed : entry.
https://gna.org/projects/savane http://cvs.gna.org/viewcvs/savane/savane/ http://cvs.gna.org/viewcvs/savane/savane/ChangeLog http://cvs.gna.org/viewcvs/*checkout*/savane/savane/ChangeLog?rev=HEAD&content-type=text/plain Changelog: 2001-12-11 18:52 loic * gnuscripts/sf_cvs: remove a_project users, specify LockDir in /var/lock/cvs, disable SystemAuth, anoncvs is not a member of any group, webcvs is only a member of GNU projects, update /etc/cvs-pserver.conf instead of xinetd.conf, fix security problem related to pserver password file visible thru .#passwd file We'd love for you to clear up the vendor name if it wasn't yourself. It is clear from the changelog that this project dates back to before Feb 2002. The only time we use an author's name is when we don't have a company or official project name to go by. If you can help me with that, i'll be more than happy to update our entry and include the project name. Looking at the footer of that page, it seems "the Gna! people" would be more appropriate. Should I change it to that? Brian OSVDB.org _______________________________________________ Savane-dev mailing list [email protected] https://mail.gna.org/listinfo/savane-dev
