From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.devel Subject: Re: What shall we do to verify the CVS diffs for emacs? Date: Sat, 17 Jan 2004 07:54:03 -0500 Sender: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Message-ID: References: <200401132134.i0DLYPO2006888@sun1.aic.nrl.navy.mil> <20040116230449.GC13013@fencepost> Reply-To: rms@gnu.org NNTP-Posting-Host: deer.gmane.org X-Trace: sea.gmane.org 1074344293 508 80.91.224.253 (17 Jan 2004 12:58:13 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Sat, 17 Jan 2004 12:58:13 +0000 (UTC) Cc: emacs-devel@gnu.org, Hoey@aic.nrl.navy.mil, storm@cua.dk Original-X-From: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Sat Jan 17 13:58:08 2004 Return-path: Original-Received: from quimby.gnus.org ([80.91.224.244]) by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1Ahq1g-0008Rk-00 for ; Sat, 17 Jan 2004 13:58:08 +0100 Original-Received: from monty-python.gnu.org ([199.232.76.173]) by quimby.gnus.org with esmtp (Exim 3.35 #1 (Debian)) id 1Ahq1g-00026F-00 for ; Sat, 17 Jan 2004 13:58:08 +0100 Original-Received: from localhost ([127.0.0.1] helo=monty-python.gnu.org) by monty-python.gnu.org with esmtp (Exim 4.24) id 1Ahq0p-0004eG-H8 for emacs-devel@quimby.gnus.org; Sat, 17 Jan 2004 07:57:15 -0500 Original-Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.24) id 1Ahq0K-0004W0-7g for emacs-devel@gnu.org; Sat, 17 Jan 2004 07:56:44 -0500 Original-Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.24) id 1Ahpzn-0004MF-7F for emacs-devel@gnu.org; Sat, 17 Jan 2004 07:56:42 -0500 Original-Received: from [199.232.76.164] (helo=fencepost.gnu.org) by monty-python.gnu.org with esmtp (Exim 4.24) id 1AhpzX-0004Cb-6K for emacs-devel@gnu.org; Sat, 17 Jan 2004 07:55:55 -0500 Original-Received: from rms by fencepost.gnu.org with local (Exim 4.24) id 1Ahpxj-0005z8-61; Sat, 17 Jan 2004 07:54:03 -0500 Original-To: Miles Bader In-reply-to: <20040116230449.GC13013@fencepost> (message from Miles Bader on Fri, 16 Jan 2004 18:04:49 -0500) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.2 Precedence: list List-Id: Emacs development discussions. List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Xref: main.gmane.org gmane.emacs.devel:19216 X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:19216 Naturally, any bogus checkins to CVS would have been mirrored in the arch branch as well, but perhaps it might serve as check against retro-active modification of the CVS files on savannah. This could be very useful. If you can verify that the check-ins recorded in CVS with dates before the crack occurred are the same as you put in your arch archive, that would be enough to show they are ok. That might do more than half the job right there. I think it is unlikely the cracker found your mirror. In addition, the archive has been mirrored on a non-GNU host since 1-sept (and arch mirrors are essentially append-only); however there's still a (small) avenue for compromise, even with the mirror, as I have an ssh key for it stored on fencepost. Do you have backups for the mirror? If so, you could check the mirror against its backups to verify that things were not altered subsequently.