Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id DB9C9200B72 for ; Fri, 26 Aug 2016 11:44:20 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id DA126160AB6; Fri, 26 Aug 2016 09:44:20 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 5463D160AB0 for ; Fri, 26 Aug 2016 11:44:20 +0200 (CEST) Received: (qmail 31959 invoked by uid 500); 26 Aug 2016 09:44:19 -0000 Mailing-List: contact dev-help@community.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@community.apache.org Delivered-To: mailing list dev@community.apache.org Received: (qmail 31948 invoked by uid 99); 26 Aug 2016 09:44:19 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 26 Aug 2016 09:44:19 +0000 Received: from [192.168.23.9] (host86-152-77-8.range86-152.btcentralplus.com [86.152.77.8]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id DB5B51A009D for ; Fri, 26 Aug 2016 09:44:18 +0000 (UTC) Subject: Re: Are Apache projects affected by the informations leaked by the NSA hack ? To: dev@community.apache.org References: From: Mark Thomas Message-ID: Date: Fri, 26 Aug 2016 10:43:57 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit archived-at: Fri, 26 Aug 2016 09:44:21 -0000 On 26/08/2016 10:13, Marco Esser wrote: > Hello All, > > i hope Im posting my question to the right mailing list. I searched a long time for as better place but dint find one. > > > Does somebody analyze the available information from the NSA Hack regarding influence on software developed in the apache projects ? I assume you mean the leaks by Edward Snowden. I don't recall seeing anything in the news regarding the NSA being hacked. I'm involved in the Apache security team and the Apache Tomcat project. I'm not aware of any analysis of the Snowden leak w.r.t. vulnerabilities in / back-doors in / influence on Apache software. > My special interest is to get knowledge about NSA hack tools or the try to implement backdoors, etc in the following software used by my customers: > > Apache HTTP > Tomcat applicationserver > popular modules for both servers I've only investigated the Tomcat vulnerabilities in any depth. None of the issues I have seen in my long involvement in the Apache Tomcat project has been suggestive of a deliberate back door being placed in the code. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@community.apache.org For additional commands, e-mail: dev-help@community.apache.org