savannah-hackers-public

[Savannah-hackers-public] Re: [gnu.org #254064] ftp.gnu.org/savannah/fil


From: Sylvain Beucler
Subject: [Savannah-hackers-public] Re: [gnu.org #254064] ftp.gnu.org/savannah/files/
Date: Tue, 18 Oct 2005 20:00:26 +0200
User-agent: Mutt/1.5.9i

I guess that a README saying that
---
The files that previously resided in this directory were untrusted
uploads backed-up after the Savannah compromise back in 2003, and were
provided for their maintainers to review them.

We now believe those reviews were performed, and we are concerned
about publicly providing untrusted files. Thus, we removed them.

If however you are a maintainer of those files and wish to retrieve
them, please get in touch with the Savannah Hackers at
address@hidden
---
should be enough :)

Note that the archives _should not be deleted_ but moved somewhere on
Savannah so you and I can provide files to maintainers on demand. The
main goal is to prevent the files from being widely mirrored and/or
referenced as an official download area.

-- 
Sylvain

On Tue, Oct 18, 2005 at 12:39:42PM -0400, Joshua Ginsberg via RT wrote:
> Sylvain --
> 
> I don't... do you... I mean....... what?
> 
> So do you want all of those archives deleted at this point and replaced
> with a README? If so, according to Jim's email, that README should include:
> 
>    a) about the compromise
>    b) what resources are available to developers that would like to
>       audit their code
>    c) whom to contact by email to get those resources
>    d) whom to contact by email to report results of an audit
> 
> I can do bullet a. I don't have any information about b through d.
> 
> I'm also going to contact Jim to find out why this was never done. It
> seems that it should have but wasn't.
> 
> -jag
> 
> > [beuc - Fri Oct 07 14:43:01 2005]:
> > 
> > Hello,
> > 
> > I remember Jim contacted sv-hackers regarding
> > ftp://ftp.gnu.org/savannah/files/
> > 
> > These are the files from before the Savannah 2003 compromise. They
> > are a way for maintainers to grab their files and check them before
> > (maybe) re-uploading them.
> > 
> > However, those files were apparently mirrored.
> > 
> > Please check the following 2 messages:
> > http://lists.gnu.org/archive/html/savannah-hackers/2004-08/msg00835.html
> > http://lists.gnu.org/archive/html/savannah-hackers/2004-08/msg00905.html
> > 
> > 
> > Could you check the status of this task? Unfortunately the people
> > involved were Jim and Bradley, and they're not here anymore - do you
> > know what we should do here?



