[Zope-dev] cvs.zope.org down
Brian Lloyd
brian at zope.com
Thu Oct 23 09:31:38 EDT 2003
> >>> Toby Dickenson wrote
> > That makes me nervous. How will you know that the sources in
> cvs havent been
> > compromised?
>
> Surely people can compare checkouts of the various branches (2.6,
> 2.7) against
> downloaded tarballs? We can't do the same with TRUNK, but that
> should be still
> possible to check against, say, a 2.7 beta.
I have checkouts of just about every branch ever + the head in
a couple of places - based on those, nothing untoward appears
to have happened to the source tree.
Everyone with a product or other code in that cvs should do a
check to make sure, but given that we caught the intrusion
almost immediately and that the attacker's methods were rather
unsophisticated, I think the risk is pretty low.
Brian Lloyd brian at zope.com
V.P. Engineering 540.361.1716
Zope Corporation http://www.zope.com
More information about the Zope-Dev
mailing list