[squeak-dev] Cryptography repository issue
David T. Lewis
lewis at mail.msen.com
Sat Jan 27 23:04:41 UTC 2018
Actually, I can see by looking at a copy of the in-image repository that
the missing versions are still in the squeaksource.com image. It appears
that they are just marked as deleted, but they do not really go away.
I have administrative access to the image, so I think I can do the undelete
if that is the best approach. I'll wait for guidance from a Cryptography
admin or developer before doing anything.
Dave
On Sat, Jan 27, 2018 at 05:46:46PM -0500, David T. Lewis wrote:
> Thank you Paul, this is very helpful.
>
> Yes it does look like the missing Cryptography versions are safe and sound
> in the smalltalkhub repository. The only things that appear to be missing
> are the versions of Crytography prior to Cryptography-mtf.36. Everything else
> seems to be in good order.
>
> I can also see that the missing versions are actually all still present on
> the filesystem on squeaksource.com. They do not appear in the live repository,
> but it turns out that the data files are still safely on disk, and could be
> reloaded from there if needed.
>
> Dave
>
>
> On Sat, Jan 27, 2018 at 12:43:29PM -0700, Paul DeBruicker wrote:
> > I haven't deleted anything from the squeaksource repo but I did make a copy
> > of it on smalltalkhub here:
> >
> >
> >
> > http://smalltalkhub.com/#!/~Cryptography/Cryptography
> >
> >
> >
> > Back when there was a threat that squeaksource was going away. Maybe it has
> > the missing packages?
> >
> >
> > MCHttpRepository
> > location: 'http://smalltalkhub.com/mc/Cryptography/Cryptography/main'
> > user: ''
> > password: ''
> >
> >
> >
> > Hope this helps
> >
> >
> > Paul
> >
> >
> >
> >
> >
> >
> > David T. Lewis wrote
> > > On Thu, Jan 25, 2018 at 07:23:23PM +0100, Levente Uzonyi wrote:
> > >> Hi All,
> > >>
> > >> Most versions of the Cryptography package are missing from its
> > >> repository[1].
> > >> Does anyone know what happened to them? Is there a way to restore them?
> > >>
> > >> Levente
> > >>
> > >> [1]http://squeaksource.com/Cryptography.html
> > >>
> > >
> > > Hi,
> > >
> > > I think that we did have an issue a while back with files being removed
> > > from this repository.
> > >
> > > This is a serious concern, because the the repository contains VM plugins
> > > in addition to the cryptography algorithms. We have no real protection
> > > against any of these packages (including the plugins) being modified or
> > > deleted. If it was anything other that cryptography, I would not worry,
> > > but this seems like a particularly bad place for untraceable changes to
> > > be happening.
> > >
> > > We also have updates appearing in this repository under various alias
> > > user IDs, which normally would not be a big concern. But it does not
> > > seem like a good idea in the area of security and crypto algorithms,
> > > so I would ask that anyone contributing to this repository please make
> > > your identity clear and traceable.
> > >
> > > I did a check today to compare the current repository to a backup that
> > > I made last December 10. I see nothing modified or removed since that
> > > time. I cannot find an earlier backup, so I am not sure what may have
> > > gone missing prior to December 10.
> > >
> > > Can anyone clarify what versions are missing, or (better yet) provide
> > > backups copies of the missing versions?
> > >
> > > Thanks,
> > > Dave
> >
> >
> >
> >
> >
> > --
> > Sent from: http://forum.world.st/Squeak-Dev-f45488.html
> >
>
More information about the Squeak-dev
mailing list
|