www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark R. Diggory" <mdigg...@latte.harvard.edu>
Subject [jelly] Re: md5 errors in java-repository
Date Fri, 03 Sep 2004 00:17:53 GMT
I'm forwarding this onto the "Repository" email list.

Dion, the reason I was suggesting it was your action is because files 
also owned by yourself were added to the commons-jelly/jars directory. I 
assume it was your upload of those files which altered them so that the 
md5's no longer matched.

> -rw-rw-r--  1 dion      apcvs   12377 Sep  2 00:39 commons-jelly-tags-validate-20040902.073836.jar
> -rw-rw-r--  1 dion      apcvs      32 Sep  2 00:39 commons-jelly-tags-validate-20040902.073836.jar.md5
...
> -rw-rw-r--  1 dion      apcvs   10343 Sep  2 00:39 commons-jelly-tags-velocity-20040902.073917.jar
> -rw-rw-r--  1 dion      apcvs      32 Sep  2 00:39 commons-jelly-tags-velocity-20040902.073917.jar.md5
...
> -rw-rw-r--  1 dion      apcvs  161479 Sep  2 00:08 commons-jelly-20040902.070806.jar
> -rw-rw-r--  1 dion      apcvs      32 Sep  2 00:09 commons-jelly-20040902.070806.jar.md5
...
> -rw-rw-r--  1 dion      apcvs   35076 Sep  2 00:21 commons-jelly-tags-xml-20040902.072037.jar
> -rw-rw-r--  1 dion      apcvs      32 Sep  2 00:21 commons-jelly-tags-xml-20040902.072037.jar.md5
...
> -rw-rw-r--  1 mdiggory  apcvs   11489 Sep  2 00:28 commons-jelly-tags-xmlunit-20030211.144251.jar
> -rw-rw-r--  1 mdiggory  apcvs      33 Jan 19  2004 commons-jelly-tags-xmlunit-20030211.144251.jar.md5

So I was suspecting it was Dion because the published jars under his 
name like those represented above got transferred last night to ibiblio:

http://www.ibiblio.org/maven/reports/apache/2004/09/02/apache-20040902-050103.txt

All I know is that there was a process running around midnight which 
walked through this directory and updated jar files within it, breaking 
some of the md5 signatures on files which were owned by me.


Henk P. Penning wrote:
> On Fri, 3 Sep 2004, Dion Gillard wrote:
> 
> 
>>Date: Fri, 3 Sep 2004 09:11:25 +1000
>>From: Dion Gillard <dion.gillard@gmail.com>
>>To: Henk P. Penning <henkp@cs.uu.nl>, mark_diggory@harvard.edu
>>Subject: Re: md5 errors in java-repository
>>
>>Sorry guys, I haven't updated those files....?
> 
> 
>   .. then some of the 909 other members of group apcvs did it.
> 

true, true. We need to get the permissions locked down.

>   IMHO, these files shouldn't be group writable ;
>   only the directories should be; now file ownership
>   means nothing.

Well, I'm unsure how different individuals are publishing, I assume most 
are using maven, which will set files permission according to how it 
coded in the Maven client. If the Maven client were configurable, then 
maybe this could be managed.

> 
>   I'm still very curious how java-repository is maintained
> 
>   -- what stuff is added, and how

Really, its only supposed to be getting full releases published within it.

>   -- what stuff is deleted and when

Currently, release which are removed from the public should be removed.
> 
>   Whouldn't it be easier if there was a config like
> 
>     this-jar FROM that-dist-tgz GOES there
>     ....
> 
>   so that
> 
>   -- 'this-jar' can be removed if 'that-dist-tgz' is gone

That would be managed by the project owners, like it is now.

>   -- installation in java-repository can be automated

Again, Maven, as a client is used to publish a release jar into the 
repository based on the project that is being worked with on the client 
side, the structure is fairly "strict".

> 
>   HPP
> 
> ----------------------------------------------------------------   _
> Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
> Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
> Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 \_/ \_/
> http://www.cs.uu.nl/staff/henkp.html          M penning@cs.uu.nl  \_/
> 

-- 
Mark Diggory
Software Developer
Harvard MIT Data Center
http://www.hmdc.harvard.edu

Mime
View raw message