From: Miles Bader <miles@gnu.org>
Cc: emacs-devel@gnu.org, Hoey@aic.nrl.navy.mil,
"Kim F. Storm" <storm@cua.dk>
Subject: Re: What shall we do to verify the CVS diffs for emacs?
Date: Fri, 16 Jan 2004 18:04:49 -0500 [thread overview]
Message-ID: <20040116230449.GC13013@fencepost> (raw)
In-Reply-To: <E1Aha2u-0000vo-Oe@fencepost.gnu.org>
On Fri, Jan 16, 2004 at 02:54:20PM -0500, Richard Stallman wrote:
> Then send me a list of the files you want to verify (C code or Lisp),
> or just request a list of files to check (and I'll chose some files
> for you).
>
> My idea was that we would ask the various contributors to check the
> changes they installed. It doesn't have to be done that way; we
> can try it this way too.
I don't know whether it's useful, but I've been tracking the emacs CVS
sources with my arch branch since before the break-in.
Naturally, any bogus checkins to CVS would have been mirrored in the arch
branch as well, but perhaps it might serve as check against retro-active
modification of the CVS files on savannah.
The intruder could have _also_ modified the arch archive to match[*] -- they
are now gpg-signed, but unfortunately were not at the time of the incident --
but that seems a fair bit less likely. In addition, the archive has been
mirrored on a non-GNU host since 1-sept (and arch mirrors are essentially
append-only); however there's still a (small) avenue for compromise, even
with the mirror, as I have an ssh key for it stored on fencepost.
[*] stored on fencepost, in my home dir
-Miles
--
Love is a snowmobile racing across the tundra. Suddenly it flips over,
pinning you underneath. At night the ice weasels come. --Nietzsche
next prev parent reply other threads:[~2004-01-16 23:04 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-01-13 21:34 What shall we do to verify the CVS diffs for emacs? Dan Hoey
2004-01-14 6:14 ` Eli Zaretskii
2004-01-14 20:08 ` Dan Hoey
2004-01-15 11:43 ` Thien-Thi Nguyen
2004-01-15 18:47 ` David Kastrup
2004-01-15 20:32 ` Thien-Thi Nguyen
2004-01-15 21:21 ` Richard Stallman
2004-01-16 2:11 ` Kim F. Storm
2004-01-16 19:54 ` Richard Stallman
2004-01-16 23:04 ` Miles Bader [this message]
2004-01-17 1:55 ` Kim F. Storm
2004-01-17 1:27 ` Miles Bader
2004-01-17 12:54 ` Richard Stallman
-- strict thread matches above, loose matches on Subject: below --
2003-12-16 1:29 Kim F. Storm
2003-12-17 3:27 ` Richard Stallman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040116230449.GC13013@fencepost \
--to=miles@gnu.org \
--cc=Hoey@aic.nrl.navy.mil \
--cc=emacs-devel@gnu.org \
--cc=storm@cua.dk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).