James Blair via RT
[gnu.org #209003] Re: [Savannah-hackers] Outdated file location for AUCTeX?
Mon, 30 Aug 2004 18:25:23 -0400
> [address@hidden - Tue Aug 24 04:51:12 2004]:
> http://ftp.gnu.org/savannah/files/ contains files that were available
> before the crack, and may be compromised. I think they were moved
> there in case a project administrator needed them, before we delete
> them definitely.
> I think it is a good time to do so right now.
> People at ftp.gnu.org (in Cc) should be able to make a symlink to the
> official location then, but I think it would be cleaner if we could
> remove the outdated directory definitively.
> What do you all think?
Sorry for the delay, I wanted to have a conversation with Bradley Kuhn
about this before I responded.
It is disturbing that this directory is being mirrored. The last thing
we want to do is distribute possibly compromised code. We should indeed
pull it ASAP. How about this proposal:

1) Move contents of ftp.gnu.org/savannah out of the way
2) Make them available to people by email request
3) Replace with a README that explains:
   a) about the compromise
   b) what resources are available to developers that would like to
      audit their code
   c) whom to contact by email to get those resources
   d) whom to contact by email to report results of an audit
4) Possibly include a list of packages and their audit status?

I don't think we've received an audit report in a very long time, so I
don't expect that we'll actually get many (if any) requests. Would
savannah-hackers be interested in storing these resources on the
Savannah server (in a non-public-accessible location) and being the
point of contact for requests?