> >>> Toby Dickenson wrote
> > That makes me nervous. How will you know that the sources in cvs haven't been
> > compromised?
>
> Surely people can compare checkouts of the various branches (2.6, 2.7) against
> downloaded tarballs? We can't do the same with TRUNK, but that should be still
> possible to check against, say, a 2.7 beta.

I have checkouts of just about every branch ever + the head in 
a couple of places - based on those, nothing untoward appears 
to have happened to the source tree.

Everyone with a product or other code in that cvs should do a 
check to make sure, but given that we caught the intrusion 
almost immediately and that the attacker's methods were rather 
unsophisticated, I think the risk is pretty low.


Brian Lloyd        [EMAIL PROTECTED]
V.P. Engineering   540.361.1716              
Zope Corporation   http://www.zope.com 



_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )
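
The check discussed in this thread, comparing a checkout against a downloaded release tarball, can be scripted. The following is an added example, not part of the original message or any Zope tooling; the file names and contents are constructed, and it assumes the tarball has a single top-level directory and that the tarball itself comes from a copy you trust.

```python
import hashlib, io, os, tarfile, tempfile

def tarball_hashes(tar_path, strip=1):
    """Map relative path -> SHA-256 for regular files in a release tarball."""
    out = {}
    with tarfile.open(tar_path) as tar:
        for m in tar:
            if m.isfile():  # skip directories, symlinks, devices
                rel = "/".join(m.name.split("/")[strip:])
                out[rel] = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
    return out

def checkout_hashes(root):
    """Map relative path -> SHA-256 for a checkout, skipping CVS/ metadata dirs."""
    out = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != "CVS"]
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out

def compare(tar_path, root):
    """Report files that differ or exist on only one side."""
    t, c = tarball_hashes(tar_path), checkout_hashes(root)
    return {"modified": sorted(p for p in t.keys() & c.keys() if t[p] != c[p]),
            "only_in_checkout": sorted(c.keys() - t.keys()),
            "only_in_tarball": sorted(t.keys() - c.keys())}

def demo():
    """Constructed sample: a tiny release tarball and a checkout with one altered file."""
    tmp = tempfile.mkdtemp()
    files = {"lib/a.py": b"print('a')\n", "README.txt": b"release\n"}
    tar_path = os.path.join(tmp, "Example-2.7.tgz")  # constructed name
    with tarfile.open(tar_path, "w:gz") as tar:
        for rel, data in files.items():
            info = tarfile.TarInfo("Example-2.7/" + rel)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    root = os.path.join(tmp, "checkout")
    files["lib/a.py"] = b"print('a'); import os\n"  # simulated tampering
    files["lib/extra.py"] = b"# not in release\n"   # file absent from the release
    files["CVS/Entries"] = b"D/lib////\n"           # CVS metadata, must be ignored
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return compare(tar_path, root)

if __name__ == "__main__":
    print(demo())
```

Files legitimately changed on a branch since the release will also be reported as modified, so each reported path still needs a manual diff against the release.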
