www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henk P. Penning" <he...@cs.uu.nl>
Subject Re: File permissions in java-repository
Date Fri, 09 Sep 2005 07:08:01 GMT
On Wed, 7 Sep 2005, Henk P. Penning wrote:

> Date: Wed, 7 Sep 2005 08:56:02 +0200 (MEST)
> From: Henk P. Penning <henkp@cs.uu.nl>
> To: repository@apache.org, Carlos Sanchez <carlos@apache.org>
> Subject: Re: File permissions in java-repository

  ...

>   The problem with group writable files is that anybody in group
>   'apcvs' (1000 users) can change any group writable file.
>
>   If/when someone changes the content of a file, the file ownership
>   doesn't change, so, after a while, it is unclear who is responsible
>   for the content of repository files.

  Case in point : see

    http://people.apache.org/~henkp/checker/md5.html

  Yesterday three files were replace in the repository :

    java-repository/commons-dbcp/poms/commons-dbcp-1.2.1.pom
    java-repository/commons-el/poms/commons-el-1.0.pom
    java-repository/commons-fileupload/poms/commons-fileupload-1.0.pom

  -- the md5's of the files are INCONSISTENT with
     the existing, corresponding '.md5' files, dated
     Jun 22  2004 (1,3) and Apr 26 18:58 (2)

  -- the files are group writable and owned by 'bayard:apcvs"

  -- Who changed these files ? Why ? Who will fix this ?

  Henk Penning

----------------------------------------------------------------   _
Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 \_/ \_/
http://www.cs.uu.nl/staff/henkp.html          M penning@cs.uu.nl  \_/


Mime
View raw message