|
| From: | Vincent Caron |
| Subject: | Re: [Savannah-hackers] Re: Plan for today |
| Date: | Thu, 18 Dec 2003 17:51:00 +0100 |
| User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 |
Mathieu Roy wrote:
1) I trust the latest CVS. I worked during the whole month of the
compromise intensively with the CVS and I do not believe possible to
miss an unnoticed harsh change in the CVS:
- I always check the diff for commits not made by myself
- A file that I did not change myself would produce at least and
"U" during a CVS update.
In theory, a malicious hacker could change the RCS file in place without you noticing on cvs updates. Although that's very tricky and there are plenty of other places with easier and more insteresting backdoors to install.
Also, if I remember well, Loic said that he checked and found nothing strange.
I believe Loic did an audit too, someone has a trace of his confirmation ?
(I insist on the fact that this kind of change must not be commited on the Savannah CVS itself)
I suggest we set up a new CVS repository with an import from the TDEV_2003-09-05_CERN branch for the sake of subversions (we need the audit confirmation first for that, tapping code from nov 1st would deprive us of a lot of bugfixes). We can resync later and progressively with the official Savannah tree. Makes sense to you Mathieu ?
| [Prev in Thread] | Current Thread | [Next in Thread] |