subject:"\[racket\-users\] Re\: \[racket\-dev\] Racket Package Server Security Vulnerabilities"

Re: [racket-users] Re: [racket-dev] Racket Package Server Security Vulnerabilities

2015-09-22 Thread Laurent

On Tue, Sep 22, 2015 at 1:14 PM, Laurent wrote: > Also, were the passwords salted? > Sorry, I pressed 'Send' too early: the website says the passwords are stored in bcrypt format. -- You received this message because you are subscribed to the Google Groups "Racket

Re: [racket-users] Re: [racket-dev] Racket Package Server Security Vulnerabilities

2015-09-22 Thread Laurent

The server says that my package MrEd Designer ( http://pkgs.racket-lang.org/#[mred-designer] ) has been updated on 9/21/2015, 2:55:41 PM but my last commit is from 2 years ago and I haven't updated the package info in ages. The package description doesn't look suspicious. Should I be worried or is

[racket-users] Re: [racket-dev] Racket Package Server Security Vulnerabilities

2015-09-21 Thread Alexis King

> * Change your password on the http://pkgs.racket-lang.org site. For anyone confused about how to do this, I just spent a few minutes trying to figure it out, myself. You have to log out, then log back in with your email address and intentionally specify an incorrect password. The package