www-repository mailing list archives

From "Henk P. Penning" <he...@apache.org>
Subject security -- maven-repository/org/apache/directory/daemon
Date Thu, 30 Mar 2006 07:51:28 GMT
Alex,

  some '1.0-RC1' files (jar's, pom's etc) were modified in :

    maven-repository/org/apache/directory/daemon/

  Maybe you changed them, maybe it was one of the other 1000+
  ASF committers ; it's impossible to tell, because the files
  are group writable for group 'apcvs'.

  -- Because the pgp sigs were not updated, they are now inconsistent.

  Please see for details:

    http://people.apache.org/~henkp/checker/sig.html#user-akarasulu
    http://people.apache.org/~henkp/checker/md5.html

  Note that this is either a security incident, or bad form.
  It is not right to modify files, two weeks after they
  were published ; a new version should be issued.

  If it was you who changed the files, please fix the sigs asap ;
  If not, please remove these files until it is clear who did.

  Regards,

  Henk Penning

----------------------------------------------------------------   _
Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 \_/ \_/
http://www.cs.uu.nl/staff/henkp.html          M penning@cs.uu.nl  \_/
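
The message above reports three conditions: artifacts that no longer match their published checksums, files changed after their signatures were made, and group-writable permissions that hide who made the change. The following is an added example, not part of the original message and not the checker it links to; it audits a repository tree for those conditions. The names audit_repo and build_sample and the sample file names are hypothetical, and the signature check is a timestamp heuristic rather than PGP verification.

```python
import hashlib, os, re, stat, tempfile

def audit_repo(root):
    """Return sorted (relative_path, issue) findings for artifacts under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in files:
            if name.endswith((".md5", ".asc")):
                continue  # companion files are checked through their artifact
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.stat(path)
            if name + ".md5" in names:
                with open(path + ".md5", errors="replace") as fh:
                    m = re.search(r"\b[0-9a-fA-F]{32}\b", fh.read())
                with open(path, "rb") as fh:
                    actual = hashlib.md5(fh.read()).hexdigest()
                if m is None or m.group(0).lower() != actual:
                    findings.append((rel, "md5-mismatch"))
            # Heuristic only: real verification is `gpg --verify` with the signer's key.
            if name + ".asc" in names and st.st_mtime > os.stat(path + ".asc").st_mtime:
                findings.append((rel, "modified-after-signing"))
            if st.st_mode & stat.S_IWGRP:
                findings.append((rel, "group-writable"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: one untouched pom, one jar altered after publication."""
    def put(name, data, mtime, mode=0o644):
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
        os.utime(path, (mtime, mtime))
    for name, data in (("sample-1.0-RC1.pom", b"<project/>"), ("sample-1.0-RC1.jar", b"original")):
        put(name, data, 1000)
        put(name + ".md5", hashlib.md5(data).hexdigest().encode(), 1000)
        put(name + ".asc", b"constructed placeholder, not a real signature", 1000)
    # Simulate the incident: content replaced later, file left group writable.
    put("sample-1.0-RC1.jar", b"tampered", 2000, mode=0o664)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, issue in audit_repo(tmp):
            print(f"{issue:24} {rel}")
```

A matching MD5 only shows the artifact and checksum file agree; anyone with write access can replace both, which is why the detached signature is the check that matters.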

