Short story: The problem should have been fixed now and no security
problem occurred.
Long story: Some time ago, the sync between the main Propel repository
and our mirror was broken for some unknown reasons: it looked like some
changes occurred on the master Propel repository (as far as I
understand, someone forced a revision of one Propel changeset to be
changed -- so the sync process was not able to re-conciliate the content
of the changeset on the master and the one on the mirror). The only fix
I found was to just recreate the mirror from scratch. So, the repository
is "branch new" and during this "manipulation", I unfortunately messed
up with the UUID of the repository. This has been fixed now, so you
should be able to just update the repository as before. If you have
removed the directory to be able to update, you will need to redo the
same operation as the UUID is now back to its original value.
Sorry for the inconvenience,
Fabien
--
Fabien Potencier
Sensio CEO - symfony lead developer
sensiolabs.com | symfony-project.org | fabien.potencier.org
Tél: +33 1 40 99 80 80
On 9/5/10 9:23 PM, Tammo van Lessen wrote:
True, sorry if I didn't make this clear from the beginning. I'm
talking about http://propel.mirror.svn.symfony-project.com, which
appears to be a mirror which is maintained by the symfony community.
Nothing bad with Propel yet.
Thanks Francois for setting this right.
But actually I thought this would be the right group to find the right
person for resolving that.
Tammo
On Sep 5, 8:39 pm, Francois Zaninotto<[email protected]> wrote:
Hi guys,
An answer has been sent to Tammo in the Propel mailing-list
(cfhttp://groups.google.com/group/propel-development/browse_thread/threa...)
and to Tom on Twitter (cf.http://twitter.com/francoisz/status/23047243764
).
The answer is the same: thehttp://propel.mirror.svn.symfony-project.comserveris
not maintained
by the Propel team. You have to ask Fabien about
this.
Please stop thinking that the Propel team is unwilling to answer if you
can't even read the answers we send you.
Cheers,
François
2010/9/5 Tom Boutell<[email protected]>
My first thought was "drop Propel then!"
My second thought is... well, yes, drop Propel if the maintainer is
unwilling/unable to at least respond to this issue in the next 48
hours or so. I don't really know what alternative there is. If we're
going to ignore this warning, which is our only guarantee that an
external that is part of Symfony has not been compromised, then we're
saying that we don't really care if components of Symfony get
compromised. That is a bad message to send.
On Sun, Sep 5, 2010 at 10:55 AM, Tammo van Lessen<[email protected]>
wrote:
Hi,
this message is a warning that at the given location a different
repository has been found. Repositories are uniquely identified by an
UUID. So, if a repository has a different UUID it MUST be considered
to be a different repository (for whatever reason).
Sure, simply deleting the old vendor checkout and fetching it again is
a workaround but does not fix the problem that a) the UUID has changed
(why?) and b) the UUID is missing a character. If you compare the
UUIDs, you will see that it almost identical except for this one
missing 'a'. My assumption is that an SVN administrator did some
tweaks to the repository and mistakenly changed the UUID. The
pessimistic variant is that the server has been compromised. Will the
propel code now contain malware? I hope not and I assume that this is
also not the case, but this is what this warning message is good for.
So I strongly recommend to get to the bottom of this issue and check
a) why has the UUID changed and b) change it back to the correct
value.
Thanks,
Tammo
On Sep 5, 4:09 pm, Tom Boutell<[email protected]> wrote:
Oh, I see. Is this a case of the external changing and svn not being
bright enough to see that this makes it not an error anymore?
On Sat, Sep 4, 2010 at 8:47 PM, Keri Henare
<[email protected]> wrote:
I found that if you delete the vendor/propel folder and then do an
update it will check it out again with no more errors.
Kind regards,
Keri Henare
---------------------------------------------------
Chief Technical Officer
Pixel Fusion
[e] [email protected]
[w] pixelfusion.co.nz
[m] (+64) 021 874 552
[p] (+64) 09 550 3084
Zend Certified Engineer -
http://www.zend.com/en/yellow-pages#show-ClientCandidateID=ZEND013450
PLEASE NOTE: I check my email 3 times per day and will respond at
these intervals. For anything urgent please ring me.
---------------------------------------------------
On 5/09/2010, at 5:50 AM, Tom Boutell wrote:
Yeah, everyone is seeing this. I'm emailing Francois about it. We
don't use Propel but this sort of thing shouldn't be left to hang...
On Sat, Sep 4, 2010 at 11:35 AM, Tammo van Lessen<
[email protected]> wrote:
Hi devs,
Since a couple of weeks or so, my svn client complains about a UUID
change of the propel mirror repository:
Fetching external item into 'lib\vendor\symfony\lib\plugins
\sfPropelPlugin\lib\vendor\propel'
svn: warning: Repository UUID '84bc4f6-26e8-416f-aa96-3cde13879fbb'
doesn't match expected UUID 'a84bc4f6-26e8-416f-aa96-3cde13879fbb'
It looks like this repository has lost its first character, also
since
UUIDs are typically structured in the form 8-4-4-4-12, the new UUID
appears to be not valid or complete anymore (it is 7-4-4-4-12
actually).
Long story short: I just want to get sure that the propel repository
is still clean and has not been compromised by any evil hacker.
Would
be great if you can confirm that this is not the case and it would
be
even greater if you could fix the UUID back to its original value
and
more importantly to a valid UUID.
Thanks,
Tammo
--
If you want to report a vulnerability issue on symfony, please send
it to security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]<symfony-devs%[email protected]>
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
--
Tom Boutell
P'unk Avenue
215 755 1330
punkave.com
window.punkave.com
--
If you want to report a vulnerability issue on symfony, please send
it to security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]<symfony-devs%[email protected]>
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
--
If you want to report a vulnerability issue on symfony, please send it
to security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]<symfony-devs%[email protected]>
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
--
Tom Boutell
P'unk Avenue
215 755 1330
punkave.com
window.punkave.com
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]<symfony-devs%[email protected]>
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
--
Tom Boutell
P'unk Avenue
215 755 1330
punkave.com
window.punkave.com
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]<symfony-devs%[email protected]>
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en