Hi,

this message is a warning that at the given location a different
repository has been found. Repositories are uniquely identified by an
UUID. So, if a repository has a different UUID it MUST be considered
to be a different repository (for whatever reason).

Sure, simply deleting the old vendor checkout and fetching it again is
a workaround but does not fix the problem that a) the UUID has changed
(why?) and b) the UUID is missing a character. If you compare the
UUIDs, you will see that it almost identical except for this one
missing 'a'. My assumption is that an SVN administrator did some
tweaks to the repository and mistakenly changed the UUID. The
pessimistic variant is that the server has been compromised. Will the
propel code now contain malware? I hope not and I assume that this is
also not the case, but this is what this warning message is good for.
So I strongly recommend to get to the bottom of this issue and check
a) why has the UUID changed and b) change it back to the correct
value.

Thanks,
  Tammo

On Sep 5, 4:09 pm, Tom Boutell <[email protected]> wrote:
> Oh, I see. Is this a case of the external changing and svn not being
> bright enough to see that this makes it not an error anymore?
>
> On Sat, Sep 4, 2010 at 8:47 PM, Keri Henare
>
>
>
> <[email protected]> wrote:
> > I found that if you delete the vendor/propel folder and then do an update 
> > it will check it out again with no more errors.
>
> > Kind regards,
> > Keri Henare
> > ---------------------------------------------------
> > Chief Technical Officer
> > Pixel Fusion
>
> > [e]  [email protected]
> > [w]  pixelfusion.co.nz
> > [m]  (+64) 021 874 552
> > [p]  (+64) 09 550 3084
>
> > Zend Certified Engineer 
> > -http://www.zend.com/en/yellow-pages#show-ClientCandidateID=ZEND013450
>
> > PLEASE NOTE: I check my email 3 times per day and will respond at these 
> > intervals.  For anything urgent please ring me.
> > ---------------------------------------------------
>
> > On 5/09/2010, at 5:50 AM, Tom Boutell wrote:
>
> >> Yeah, everyone is seeing this. I'm emailing Francois about it. We
> >> don't use Propel but this sort of thing shouldn't be left to hang...
>
> >> On Sat, Sep 4, 2010 at 11:35 AM, Tammo van Lessen <[email protected]> 
> >> wrote:
> >>> Hi devs,
>
> >>> Since a couple of weeks or so, my svn client complains about a UUID
> >>> change of the propel mirror repository:
>
> >>> Fetching external item into 'lib\vendor\symfony\lib\plugins
> >>> \sfPropelPlugin\lib\vendor\propel'
> >>> svn: warning: Repository UUID '84bc4f6-26e8-416f-aa96-3cde13879fbb'
> >>> doesn't match expected UUID 'a84bc4f6-26e8-416f-aa96-3cde13879fbb'
>
> >>> It looks like this repository has lost its first character, also since
> >>> UUIDs are typically structured in the form 8-4-4-4-12, the new UUID
> >>> appears to be not valid or complete anymore (it is 7-4-4-4-12
> >>> actually).
>
> >>> Long story short: I just want to get sure that the propel repository
> >>> is still clean and has not been compromised by any evil hacker. Would
> >>> be great if you can confirm that this is not the case and it would be
> >>> even greater if you could fix the UUID back to its original value and
> >>> more importantly to a valid UUID.
>
> >>> Thanks,
> >>>  Tammo
>
> >>> --
> >>> If you want to report a vulnerability issue on symfony, please send it to 
> >>> security at symfony-project.com
>
> >>> You received this message because you are subscribed to the Google
> >>> Groups "symfony developers" group.
> >>> To post to this group, send email to [email protected]
> >>> To unsubscribe from this group, send email to
> >>> [email protected]
> >>> For more options, visit this group at
> >>>http://groups.google.com/group/symfony-devs?hl=en
>
> >> --
> >> Tom Boutell
> >> P'unk Avenue
> >> 215 755 1330
> >> punkave.com
> >> window.punkave.com
>
> >> --
> >> If you want to report a vulnerability issue on symfony, please send it to 
> >> security at symfony-project.com
>
> >> You received this message because you are subscribed to the Google
> >> Groups "symfony developers" group.
> >> To post to this group, send email to [email protected]
> >> To unsubscribe from this group, send email to
> >> [email protected]
> >> For more options, visit this group at
> >>http://groups.google.com/group/symfony-devs?hl=en
>
> > --
> > If you want to report a vulnerability issue on symfony, please send it to 
> > security at symfony-project.com
>
> > You received this message because you are subscribed to the Google
> > Groups "symfony developers" group.
> > To post to this group, send email to [email protected]
> > To unsubscribe from this group, send email to
> > [email protected]
> > For more options, visit this group at
> >http://groups.google.com/group/symfony-devs?hl=en
>
> --
> Tom Boutell
> P'unk Avenue
> 215 755 1330
> punkave.com
> window.punkave.com

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en

Reply via email to