Diffstat (limited to 'zarb-ml/mageia-dev/2012-December/021032.html')
-rw-r--r-- | zarb-ml/mageia-dev/2012-December/021032.html | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2012-December/021032.html b/zarb-ml/mageia-dev/2012-December/021032.html new file mode 100644 index 000000000..15a8e8733 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-December/021032.html 
@@ -0,0 +1,94 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] Problem with missing signatures + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Problem%20with%20missing%20signatures&In-Reply-To=%3C50DF4804.8030803%40gmx.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="021031.html"> + <LINK REL="Next" HREF="021034.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] Problem with missing signatures</H1> + <B>Kamil Rytarowski</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Problem%20with%20missing%20signatures&In-Reply-To=%3C50DF4804.8030803%40gmx.com%3E" + TITLE="[Mageia-dev] Problem with missing signatures">n54 at gmx.com + </A><BR> + <I>Sat Dec 29 20:44:04 CET 2012</I> + <P><UL> + <LI>Previous message: <A HREF="021031.html">[Mageia-dev] Problem with missing signatures +</A></li> + <LI>Next message: <A HREF="021034.html">[Mageia-dev] Problem with missing signatures +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#21032">[ date ]</a> + <a href="thread.html#21032">[ thread ]</a> + <a href="subject.html#21032">[ subject ]</a> + <a href="author.html#21032">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On 29.12.2012 20:11, Pascal Terjan wrote: +><i> On Sat, Dec 29, 2012 at 6:49 PM, Kamil Rytarowski <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">n54 at gmx.com</A>> wrote: +</I>>><i> Hello! +</I>>><i> +</I>>><i> Could we add a trigger to prevent unsigned packages from being uploaded? +</I>>><i> +</I>>><i> I've faced again bunch of unsigned packages.. and when I was trying to +</I>>><i> rebuild plexus-i18n against missing signature, with bumping the release - +</I>>><i> the build system said it's already built with that version [1]. 
+</I>>><i> +</I>>><i> How is it possible? I have checked the history of this package.. and it was +</I>>><i> never released as the version in the build system. +</I>>><i> +</I>>><i> Am I missing something? Was there an attack and a package injection? +</I>>><i> +</I>>><i> Kamil +</I>>><i> +</I>>><i> [1] +</I>>><i> <A HREF="http://svnweb.mageia.org/packages/cauldron/plexus-i18n/current/SPECS/plexus-i18n.spec?r1=268801&r2=335589">http://svnweb.mageia.org/packages/cauldron/plexus-i18n/current/SPECS/plexus-i18n.spec?r1=268801&r2=335589</A> +</I>><i> It seems someone manually uploaded the package on December 1st, after +</I>><i> building it on a machine named karamel, this seems to be dmorgan's +</I>><i> machine +</I>Thank you Pascal for your reply, so it was injected (in other words +"manually uploaded"). + +I may understand that in some circumstances there is a need to do manual +operations over our buildservers, but please for the sake of security +and credibility of Mageia prohibit uploading locally built packages into +the outside world, servers! Without it a user or developer cannot see if +a local mirror (or someone in-the-middle) is injecting Trojan packages +or not. +</PRE> + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="021031.html">[Mageia-dev] Problem with missing signatures +</A></li> + <LI>Next message: <A HREF="021034.html">[Mageia-dev] Problem with missing signatures +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#21032">[ date ]</a> + <a href="thread.html#21032">[ thread ]</a> + <a href="subject.html#21032">[ subject ]</a> + <a href="author.html#21032">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |
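Review bot: The HREF values in the added header carry a bare `&` as shown here, in both `mailto:` links (`...&In-Reply-To=...`) and in the svnweb link inside the PRE (`?r1=268801&r2=335589`). Inside an attribute value it should be written as `&amp;` so the file parses cleanly against the HTML 3.2 DOCTYPE it declares. The literal `<` and `>` around the `n54 at gmx.com` link in the quoted "wrote:" line need the same entity treatment. Separately, the run of empty added lines between `</PRE>` and `<!--endarticle-->` adds nothing and can be dropped.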