[Gimp-developer] Bogus/corrupted GIMP 2.6.2 distribution file
As the current maintainer for GIMP on MacPorts, I wanted to report that we had an incident this morning where the file checksums (md5, sha1, rmd160) for the new 2.6.2 gimp distribution on one of the GIMP mirrors http://gimp.site2nd.org/v2.6/ failed to match those of the official GIMP site and the other mirrors for that matter.[1] The offending site has been removed from our list of GIMP mirrors but I thought that someone in the GIMP developer community might want to know about it as it could represent a possible attack. Hope this is the right forum for this. [1] http://trac.macports.org/ticket/17057 ___ Gimp-developer mailing list Gimp-developer@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-developer
Re: [Gimp-developer] Bogus/corrupted GIMP 2.6.2 distribution file
David Evans wrote: As the current maintainer for GIMP on MacPorts, I wanted to report that we had an incident this morning where the file checksums (md5, sha1, rmd160) for the new 2.6.2 gimp distribution on one of the GIMP mirrors http://gimp.site2nd.org/v2.6/ failed to match those of the official GIMP site and the other mirrors for that matter.[1] I have removed this site from the mirrors list in svn (the update of the site might take some time, though). It looks like it is just redirecting to ftp.gimp.org, though... Michael -- GIMP http://www.gimp.org | IRC: irc://irc.gimp.org/gimp Wiki http://wiki.gimp.org | .de: http://gimpforum.de Plug-ins http://registry.gimp.org | ___ Gimp-developer mailing list Gimp-developer@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-developer
Re: [Gimp-developer] Bogus/corrupted GIMP 2.6.2 distribution file
Michael Schumacher wrote: David Evans wrote: As the current maintainer for GIMP on MacPorts, I wanted to report that we had an incident this morning where the file checksums (md5, sha1, rmd160) for the new 2.6.2 gimp distribution on one of the GIMP mirrors http://gimp.site2nd.org/v2.6/ failed to match those of the official GIMP site and the other mirrors for that matter.[1] I have removed this site from the mirrors list in svn (the update of the site might take some time, though). It looks like it is just redirecting to ftp.gimp.org, though... Michael That's what I see too so maybe the problem is in the redirection. Maybe MacPorts isn't handling that well. So what's the good of a mirror site that just redirects to the master? Dave ___ Gimp-developer mailing list Gimp-developer@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-developer
