True, sorry if I didn't make this clear from the beginning. I'm
talking about http://propel.mirror.svn.symfony-project.com, which
appears to be a mirror which is maintained by the symfony community.
Nothing bad with Propel yet.
Thanks Francois for setting this right.
But actually I thought this would be the right group to find the right
person for resolving that.

Tammo

On Sep 5, 8:39 pm, Francois Zaninotto <[email protected]> wrote:
> Hi guys,
>
> An answer has been sent to Tammo in the Propel mailing-list 
> (cfhttp://groups.google.com/group/propel-development/browse_thread/threa...)
> and to Tom on Twitter (cf.http://twitter.com/francoisz/status/23047243764
> ).
>
> The answer is the same: 
> thehttp://propel.mirror.svn.symfony-project.comserveris not maintained
> by the Propel team. You have to ask Fabien about
> this.
>
> Please stop thinking that the Propel team is unwilling to answer if you
> can't even read the answers we send you.
>
> Cheers,
>
> François
>
> 2010/9/5 Tom Boutell <[email protected]>
>
> > My first thought was "drop Propel then!"
>
> > My second thought is... well, yes, drop Propel if the maintainer is
> > unwilling/unable to at least respond to this issue in the next 48
> > hours or so. I don't really know what alternative there is. If we're
> > going to ignore this warning, which is our only guarantee that an
> > external that is part of Symfony has not been compromised, then we're
> > saying that we don't really care if components of Symfony get
> > compromised. That is a bad message to send.
>
> > On Sun, Sep 5, 2010 at 10:55 AM, Tammo van Lessen <[email protected]>
> > wrote:
> > > Hi,
>
> > > this message is a warning that at the given location a different
> > > repository has been found. Repositories are uniquely identified by an
> > > UUID. So, if a repository has a different UUID it MUST be considered
> > > to be a different repository (for whatever reason).
>
> > > Sure, simply deleting the old vendor checkout and fetching it again is
> > > a workaround but does not fix the problem that a) the UUID has changed
> > > (why?) and b) the UUID is missing a character. If you compare the
> > > UUIDs, you will see that it almost identical except for this one
> > > missing 'a'. My assumption is that an SVN administrator did some
> > > tweaks to the repository and mistakenly changed the UUID. The
> > > pessimistic variant is that the server has been compromised. Will the
> > > propel code now contain malware? I hope not and I assume that this is
> > > also not the case, but this is what this warning message is good for.
> > > So I strongly recommend to get to the bottom of this issue and check
> > > a) why has the UUID changed and b) change it back to the correct
> > > value.
>
> > > Thanks,
> > >  Tammo
>
> > > On Sep 5, 4:09 pm, Tom Boutell <[email protected]> wrote:
> > >> Oh, I see. Is this a case of the external changing and svn not being
> > >> bright enough to see that this makes it not an error anymore?
>
> > >> On Sat, Sep 4, 2010 at 8:47 PM, Keri Henare
>
> > >> <[email protected]> wrote:
> > >> > I found that if you delete the vendor/propel folder and then do an
> > update it will check it out again with no more errors.
>
> > >> > Kind regards,
> > >> > Keri Henare
> > >> > ---------------------------------------------------
> > >> > Chief Technical Officer
> > >> > Pixel Fusion
>
> > >> > [e]  [email protected]
> > >> > [w]  pixelfusion.co.nz
> > >> > [m]  (+64) 021 874 552
> > >> > [p]  (+64) 09 550 3084
>
> > >> > Zend Certified Engineer -
> >http://www.zend.com/en/yellow-pages#show-ClientCandidateID=ZEND013450
>
> > >> > PLEASE NOTE: I check my email 3 times per day and will respond at
> > these intervals.  For anything urgent please ring me.
> > >> > ---------------------------------------------------
>
> > >> > On 5/09/2010, at 5:50 AM, Tom Boutell wrote:
>
> > >> >> Yeah, everyone is seeing this. I'm emailing Francois about it. We
> > >> >> don't use Propel but this sort of thing shouldn't be left to hang...
>
> > >> >> On Sat, Sep 4, 2010 at 11:35 AM, Tammo van Lessen <
> > [email protected]> wrote:
> > >> >>> Hi devs,
>
> > >> >>> Since a couple of weeks or so, my svn client complains about a UUID
> > >> >>> change of the propel mirror repository:
>
> > >> >>> Fetching external item into 'lib\vendor\symfony\lib\plugins
> > >> >>> \sfPropelPlugin\lib\vendor\propel'
> > >> >>> svn: warning: Repository UUID '84bc4f6-26e8-416f-aa96-3cde13879fbb'
> > >> >>> doesn't match expected UUID 'a84bc4f6-26e8-416f-aa96-3cde13879fbb'
>
> > >> >>> It looks like this repository has lost its first character, also
> > since
> > >> >>> UUIDs are typically structured in the form 8-4-4-4-12, the new UUID
> > >> >>> appears to be not valid or complete anymore (it is 7-4-4-4-12
> > >> >>> actually).
>
> > >> >>> Long story short: I just want to get sure that the propel repository
> > >> >>> is still clean and has not been compromised by any evil hacker.
> > Would
> > >> >>> be great if you can confirm that this is not the case and it would
> > be
> > >> >>> even greater if you could fix the UUID back to its original value
> > and
> > >> >>> more importantly to a valid UUID.
>
> > >> >>> Thanks,
> > >> >>>  Tammo
>
> > >> >>> --
> > >> >>> If you want to report a vulnerability issue on symfony, please send
> > it to security at symfony-project.com
>
> > >> >>> You received this message because you are subscribed to the Google
> > >> >>> Groups "symfony developers" group.
> > >> >>> To post to this group, send email to [email protected]
> > >> >>> To unsubscribe from this group, send email to
> > >> >>> [email protected]<symfony-devs%[email protected]>
> > >> >>> For more options, visit this group at
> > >> >>>http://groups.google.com/group/symfony-devs?hl=en
>
> > >> >> --
> > >> >> Tom Boutell
> > >> >> P'unk Avenue
> > >> >> 215 755 1330
> > >> >> punkave.com
> > >> >> window.punkave.com
>
> > >> >> --
> > >> >> If you want to report a vulnerability issue on symfony, please send
> > it to security at symfony-project.com
>
> > >> >> You received this message because you are subscribed to the Google
> > >> >> Groups "symfony developers" group.
> > >> >> To post to this group, send email to [email protected]
> > >> >> To unsubscribe from this group, send email to
> > >> >> [email protected]<symfony-devs%[email protected]>
> > >> >> For more options, visit this group at
> > >> >>http://groups.google.com/group/symfony-devs?hl=en
>
> > >> > --
> > >> > If you want to report a vulnerability issue on symfony, please send it
> > to security at symfony-project.com
>
> > >> > You received this message because you are subscribed to the Google
> > >> > Groups "symfony developers" group.
> > >> > To post to this group, send email to [email protected]
> > >> > To unsubscribe from this group, send email to
> > >> > [email protected]<symfony-devs%[email protected]>
> > >> > For more options, visit this group at
> > >> >http://groups.google.com/group/symfony-devs?hl=en
>
> > >> --
> > >> Tom Boutell
> > >> P'unk Avenue
> > >> 215 755 1330
> > >> punkave.com
> > >> window.punkave.com
>
> > > --
> > > If you want to report a vulnerability issue on symfony, please send it to
> > security at symfony-project.com
>
> > > You received this message because you are subscribed to the Google
> > > Groups "symfony developers" group.
> > > To post to this group, send email to [email protected]
> > > To unsubscribe from this group, send email to
> > > [email protected]<symfony-devs%[email protected]>
> > > For more options, visit this group at
> > >http://groups.google.com/group/symfony-devs?hl=en
>
> > --
> > Tom Boutell
> > P'unk Avenue
> > 215 755 1330
> > punkave.com
> > window.punkave.com
>
> > --
> > If you want to report a vulnerability issue on symfony, please send it to
> > security at symfony-project.com
>
> > You received this message because you are subscribed to the Google
> > Groups "symfony developers" group.
> > To post to this group, send email to [email protected]
> > To unsubscribe from this group, send email to
> > [email protected]<symfony-devs%[email protected]>
> > For more options, visit this group at
> >http://groups.google.com/group/symfony-devs?hl=en
>
>

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en

Reply via email to