> >>> Toby Dickenson wrote > > That makes me nervous. How will you know that the sources in > cvs havent been > > compromised? > > Surely people can compare checkouts of the various branches (2.6, > 2.7) against > downloaded tarballs? We can't do the same with TRUNK, but that > should be still > possible to check against, say, a 2.7 beta.
I have checkouts of just about every branch ever + the head in a couple of places - based on those, nothing untoward appears to have happened to the source tree. Everyone with a product or other code in that cvs should do a check to make sure, but given that we caught the intrusion almost immediately and that the attacker's methods were rather unsophisticated, I think the risk is pretty low. Brian Lloyd [EMAIL PROTECTED] V.P. Engineering 540.361.1716 Zope Corporation http://www.zope.com _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )