Re: corosync.org compromised

"Fabio M. Di Nitto" <fdinitto@xxxxxxxxxx> · Tue, 25 Sep 2012 16:15:11 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 9/24/2012 6:26 PM, Steven Dake wrote:

> 2) 1.2.4 should be considered suspect, but looks as if it were
> tagged improperly rather then attacked

> 5) 1.2.4 requires further analysis

I can confirm that 1.2.4 difference between git and tarball is only
due to incorrect tagging.

I checked the full diff and all changes are indeed present in git
(later versions).

Also, I spent some time reviewing your check scripts and they look
fine. I guess we have been extremely lucky.

Fabio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCAAGBQJQYbxsAAoJEFA6oBJjVJ+OGYAP/1SeRNz9pUAMDxul0xwxNAM1
7QZh077Hay/ToAm2B+NX0Tm4IUcjgxR6Lor2AE8rOLxy7OOtw2GurWzRiWJmP3Eo
fLiybRnqhshC+oBjxaLyDw9w0HhN/wX0hTNaysZ8d0N+MhQzEwf0em/YiOmVG3kq
Ybe3101uK/oNvHqSibaRpMq7bH1eCCNBvnmcu5aROp1YlnA1cTeouoqZO4NOF6kw
cHFO5Mf+ueURncr9evBGDo3dcw9Y+XBVBh6Ag+ZAYy+XYab+0QcAxKlAzCNAICaC
wchFhxwX0FKLm9XJHd/TcXJS3V/XFhX629uWBWstwYjmff0P/yjOZj978rNc6MVI
1scVLdntVIG166D+pZ1jv7iu17SgCFGZcJR6G/e8H10ZAo7QuMwHWDHRLMi7WpnY
xmFZCTY41Awz4H9r/JTtIf3CzqN36kBl9l9a5gGRym4WlRKn5A6f0ASKUjo/G4wc
S3tvOhRK8LYzx9aMPsKlACveLQoS27tYzx8nGqd+mXwpDOIuDeVJ7AJSck8F/W7r
AaBxDMH0VgPkBhVpVrDtELPhUs2r7RIM9+usDIyu21oep94mJddiOxOKDymHx7wo
xRV46jvkFq5OUCaxw8vGeDLxzWj7ghUvBi58knu+hPMFYNDf8W0VdX39xJslcKfj
qNVYJlwYFET367wYvCdD
=nP7g
-----END PGP SIGNATURE-----
_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss