RE: [Zope-dev] cvs.zope.org down
> >>> Toby Dickenson wrote > > That makes me nervous. How will you know that the sources in > cvs havent been > > compromised? > > Surely people can compare checkouts of the various branches (2.6, > 2.7) against > downloaded tarballs? We can't do the same with TRUNK, but that > should be still > possible to check against, say, a 2.7 beta. I have checkouts of just about every branch ever + the head in a couple of places - based on those, nothing untoward appears to have happened to the source tree. Everyone with a product or other code in that cvs should do a check to make sure, but given that we caught the intrusion almost immediately and that the attacker's methods were rather unsophisticated, I think the risk is pretty low. Brian Lloyd[EMAIL PROTECTED] V.P. Engineering 540.361.1716 Zope Corporation http://www.zope.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] cvs.zope.org down
>>> Toby Dickenson wrote > That makes me nervous. How will you know that the sources in cvs havent been > compromised? Surely people can compare checkouts of the various branches (2.6, 2.7) against downloaded tarballs? We can't do the same with TRUNK, but that should be still possible to check against, say, a 2.7 beta. Anthony -- Anthony Baxter <[EMAIL PROTECTED]> It's never too late to have a happy childhood. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] cvs.zope.org down
On Tuesday 21 October 2003 18:08, Jens Vagelpohl wrote: > Just a quick heads-up: > Then we will start restoring the data > from the old drives. That makes me nervous. How will you know that the sources in cvs havent been compromised? -- Toby Dickenson ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] cvs.zope.org down
Jens Vagelpohl wrote: > This morning we noticed some odd activity on cvs.zope.org that > looked like someone had broken into the machine. ... > The collector.zope.org web site, which was served from the same > machine, will probably end up being integrated into www.zope.org > tomorrow and cease to exist as a separate Zope instance. I'd like to make a request. If evidence reveals that {cvs,collector}.zope.org *was* compromised, then would ZC kindly consider making all 'security' bugs in the collector public? The reasoning being that there is little point behind hiding potential security problems from the zope community if the blackhat community has already obtained the details. That said, any status on getting the collector back up? -- Jamie Heilman http://audible.transient.net/~jamie/ ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )