From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: Miles Bader Newsgroups: gmane.emacs.devel Subject: Re: What shall we do to verify the CVS diffs for emacs? Date: Fri, 16 Jan 2004 18:04:49 -0500 Sender: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Message-ID: <20040116230449.GC13013@fencepost> References: <200401132134.i0DLYPO2006888@sun1.aic.nrl.navy.mil> NNTP-Posting-Host: deer.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1074294631 30226 80.91.224.253 (16 Jan 2004 23:10:31 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Fri, 16 Jan 2004 23:10:31 +0000 (UTC) Cc: emacs-devel@gnu.org, Hoey@aic.nrl.navy.mil, "Kim F. Storm" Original-X-From: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Sat Jan 17 00:10:25 2004 Return-path: Original-Received: from quimby.gnus.org ([80.91.224.244]) by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1Ahd6f-0001ao-00 for ; Sat, 17 Jan 2004 00:10:25 +0100 Original-Received: from monty-python.gnu.org ([199.232.76.173]) by quimby.gnus.org with esmtp (Exim 3.35 #1 (Debian)) id 1Ahd6f-0003Kv-00 for ; Sat, 17 Jan 2004 00:10:25 +0100 Original-Received: from localhost ([127.0.0.1] helo=monty-python.gnu.org) by monty-python.gnu.org with esmtp (Exim 4.24) id 1Ahd50-0006hG-IY for emacs-devel@quimby.gnus.org; Fri, 16 Jan 2004 18:08:42 -0500 Original-Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.24) id 1Ahd3Y-0006Ef-HX for emacs-devel@gnu.org; Fri, 16 Jan 2004 18:07:12 -0500 Original-Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.24) id 1Ahd2r-0005OI-B8 for emacs-devel@gnu.org; Fri, 16 Jan 2004 18:07:01 -0500 Original-Received: from [199.232.76.164] (helo=fencepost.gnu.org) by monty-python.gnu.org with esmtp (Exim 4.24) id 1Ahd2q-0005NP-Bu for emacs-devel@gnu.org; Fri, 16 Jan 2004 18:06:28 -0500 Original-Received: from miles by fencepost.gnu.org with local (Exim 4.24) id 1Ahd1F-00046O-JQ; Fri, 16 Jan 2004 18:04:49 -0500 Original-To: Richard Stallman Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.28i Blat: Foop X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.2 Precedence: list List-Id: Emacs development discussions. List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Xref: main.gmane.org gmane.emacs.devel:19209 X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:19209 On Fri, Jan 16, 2004 at 02:54:20PM -0500, Richard Stallman wrote: > Then send me a list of the files you want to verify (C code or Lisp), > or just request a list of files to check (and I'll chose some files > for you). > > My idea was that we would ask the various contributors to check the > changes they installed. It doesn't have to be done that way; we > can try it this way too. I don't know whether it's useful, but I've been tracking the emacs CVS sources with my arch branch since before the break-in. Naturally, any bogus checkins to CVS would have been mirrored in the arch branch as well, but perhaps it might serve as check against retro-active modification of the CVS files on savannah. The intruder could have _also_ modified the arch archive to match[*] -- they are now gpg-signed, but unfortunately were not at the time of the incident -- but that seems a fair bit less likely. In addition, the archive has been mirrored on a non-GNU host since 1-sept (and arch mirrors are essentially append-only); however there's still a (small) avenue for compromise, even with the mirror, as I have an ssh key for it stored on fencepost. [*] stored on fencepost, in my home dir -Miles -- Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come. --Nietzsche