My first thought was "drop Propel then!" My second thought is... well, yes, drop Propel if the maintainer is unwilling/unable to at least respond to this issue in the next 48 hours or so. I don't really know what alternative there is. If we're going to ignore this warning, which is our only guarantee that an external that is part of Symfony has not been compromised, then we're saying that we don't really care if components of Symfony get compromised. That is a bad message to send.
On Sun, Sep 5, 2010 at 10:55 AM, Tammo van Lessen <[email protected]> wrote: > Hi, > > this message is a warning that at the given location a different > repository has been found. Repositories are uniquely identified by an > UUID. So, if a repository has a different UUID it MUST be considered > to be a different repository (for whatever reason). > > Sure, simply deleting the old vendor checkout and fetching it again is > a workaround but does not fix the problem that a) the UUID has changed > (why?) and b) the UUID is missing a character. If you compare the > UUIDs, you will see that it almost identical except for this one > missing 'a'. My assumption is that an SVN administrator did some > tweaks to the repository and mistakenly changed the UUID. The > pessimistic variant is that the server has been compromised. Will the > propel code now contain malware? I hope not and I assume that this is > also not the case, but this is what this warning message is good for. > So I strongly recommend to get to the bottom of this issue and check > a) why has the UUID changed and b) change it back to the correct > value. > > Thanks, > Tammo > > On Sep 5, 4:09 pm, Tom Boutell <[email protected]> wrote: >> Oh, I see. Is this a case of the external changing and svn not being >> bright enough to see that this makes it not an error anymore? >> >> On Sat, Sep 4, 2010 at 8:47 PM, Keri Henare >> >> >> >> <[email protected]> wrote: >> > I found that if you delete the vendor/propel folder and then do an update >> > it will check it out again with no more errors. >> >> > Kind regards, >> > Keri Henare >> > --------------------------------------------------- >> > Chief Technical Officer >> > Pixel Fusion >> >> > [e] [email protected] >> > [w] pixelfusion.co.nz >> > [m] (+64) 021 874 552 >> > [p] (+64) 09 550 3084 >> >> > Zend Certified Engineer >> > -http://www.zend.com/en/yellow-pages#show-ClientCandidateID=ZEND013450 >> >> > PLEASE NOTE: I check my email 3 times per day and will respond at these >> > intervals. For anything urgent please ring me. >> > --------------------------------------------------- >> >> > On 5/09/2010, at 5:50 AM, Tom Boutell wrote: >> >> >> Yeah, everyone is seeing this. I'm emailing Francois about it. We >> >> don't use Propel but this sort of thing shouldn't be left to hang... >> >> >> On Sat, Sep 4, 2010 at 11:35 AM, Tammo van Lessen <[email protected]> >> >> wrote: >> >>> Hi devs, >> >> >>> Since a couple of weeks or so, my svn client complains about a UUID >> >>> change of the propel mirror repository: >> >> >>> Fetching external item into 'lib\vendor\symfony\lib\plugins >> >>> \sfPropelPlugin\lib\vendor\propel' >> >>> svn: warning: Repository UUID '84bc4f6-26e8-416f-aa96-3cde13879fbb' >> >>> doesn't match expected UUID 'a84bc4f6-26e8-416f-aa96-3cde13879fbb' >> >> >>> It looks like this repository has lost its first character, also since >> >>> UUIDs are typically structured in the form 8-4-4-4-12, the new UUID >> >>> appears to be not valid or complete anymore (it is 7-4-4-4-12 >> >>> actually). >> >> >>> Long story short: I just want to get sure that the propel repository >> >>> is still clean and has not been compromised by any evil hacker. Would >> >>> be great if you can confirm that this is not the case and it would be >> >>> even greater if you could fix the UUID back to its original value and >> >>> more importantly to a valid UUID. >> >> >>> Thanks, >> >>> Tammo >> >> >>> -- >> >>> If you want to report a vulnerability issue on symfony, please send it >> >>> to security at symfony-project.com >> >> >>> You received this message because you are subscribed to the Google >> >>> Groups "symfony developers" group. >> >>> To post to this group, send email to [email protected] >> >>> To unsubscribe from this group, send email to >> >>> [email protected] >> >>> For more options, visit this group at >> >>>http://groups.google.com/group/symfony-devs?hl=en >> >> >> -- >> >> Tom Boutell >> >> P'unk Avenue >> >> 215 755 1330 >> >> punkave.com >> >> window.punkave.com >> >> >> -- >> >> If you want to report a vulnerability issue on symfony, please send it to >> >> security at symfony-project.com >> >> >> You received this message because you are subscribed to the Google >> >> Groups "symfony developers" group. >> >> To post to this group, send email to [email protected] >> >> To unsubscribe from this group, send email to >> >> [email protected] >> >> For more options, visit this group at >> >>http://groups.google.com/group/symfony-devs?hl=en >> >> > -- >> > If you want to report a vulnerability issue on symfony, please send it to >> > security at symfony-project.com >> >> > You received this message because you are subscribed to the Google >> > Groups "symfony developers" group. >> > To post to this group, send email to [email protected] >> > To unsubscribe from this group, send email to >> > [email protected] >> > For more options, visit this group at >> >http://groups.google.com/group/symfony-devs?hl=en >> >> -- >> Tom Boutell >> P'unk Avenue >> 215 755 1330 >> punkave.com >> window.punkave.com > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony developers" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/symfony-devs?hl=en > -- Tom Boutell P'unk Avenue 215 755 1330 punkave.com window.punkave.com -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
