[squeak-dev] Cryptography repository issue

David T. Lewis lewis at mail.msen.com
Sat Jan 27 01:33:58 UTC 2018


On Thu, Jan 25, 2018 at 07:23:23PM +0100, Levente Uzonyi wrote:
> Hi All,
> 
> Most versions of the Cryptography package are missing from its 
> repository[1].
> Does anyone know what happened to them? Is there a way to restore them?
> 
> Levente
> 
> [1]http://squeaksource.com/Cryptography.html
>

Hi,

I think that we did have an issue a while back with files being removed
from this repository.

This is a serious concern, because the the repository contains VM plugins
in addition to the cryptography algorithms. We have no real protection
against any of these packages (including the plugins) being modified or
deleted. If it was anything other that cryptography, I would not worry,
but this seems like a particularly bad place for untraceable changes to
be happening.

We also have updates appearing in this repository under various alias
user IDs, which normally would not be a big concern. But it does not
seem like a good idea in the area of security and crypto algorithms,
so I would ask that anyone contributing to this repository please make
your identity clear and traceable.

I did a check today to compare the current repository to a backup that
I made last December 10. I see nothing modified or removed since that
time. I cannot find an earlier backup, so I am not sure what may have
gone missing prior to December 10.

Can anyone clarify what versions are missing, or (better yet) provide
backups copies of the missing versions?

Thanks,
Dave
 


More information about the Squeak-dev mailing list