[squeak-dev] Cryptography repository issue

David T. Lewis lewis at mail.msen.com
Sat Jan 27 22:46:46 UTC 2018


Thank you Paul, this is very helpful.

Yes it does look like the missing Cryptography versions are safe and sound
in the smalltalkhub repository. The only things that appear to be missing
are the versions of Crytography prior to Cryptography-mtf.36. Everything else
seems to be in good order.

I can also see that the missing versions are actually all still present on
the filesystem on squeaksource.com. They do not appear in the live repository,
but it turns out that the data files are still safely on disk, and could be
reloaded from there if needed.

Dave


On Sat, Jan 27, 2018 at 12:43:29PM -0700, Paul DeBruicker wrote:
> I haven't deleted anything from the squeaksource repo but I did make a copy
> of it on smalltalkhub here:
> 
> 
> 
> http://smalltalkhub.com/#!/~Cryptography/Cryptography
> 
> 
> 
> Back when there was a threat that squeaksource was going away.  Maybe it has
> the missing packages?
> 
> 
> MCHttpRepository
> 	location: 'http://smalltalkhub.com/mc/Cryptography/Cryptography/main'
> 	user: ''
> 	password: ''
> 
> 
> 
> Hope this helps
> 
> 
> Paul
> 
> 
> 
> 
> 
> 
> David T. Lewis wrote
> > On Thu, Jan 25, 2018 at 07:23:23PM +0100, Levente Uzonyi wrote:
> >> Hi All,
> >> 
> >> Most versions of the Cryptography package are missing from its 
> >> repository[1].
> >> Does anyone know what happened to them? Is there a way to restore them?
> >> 
> >> Levente
> >> 
> >> [1]http://squeaksource.com/Cryptography.html
> >>
> > 
> > Hi,
> > 
> > I think that we did have an issue a while back with files being removed
> > from this repository.
> > 
> > This is a serious concern, because the the repository contains VM plugins
> > in addition to the cryptography algorithms. We have no real protection
> > against any of these packages (including the plugins) being modified or
> > deleted. If it was anything other that cryptography, I would not worry,
> > but this seems like a particularly bad place for untraceable changes to
> > be happening.
> > 
> > We also have updates appearing in this repository under various alias
> > user IDs, which normally would not be a big concern. But it does not
> > seem like a good idea in the area of security and crypto algorithms,
> > so I would ask that anyone contributing to this repository please make
> > your identity clear and traceable.
> > 
> > I did a check today to compare the current repository to a backup that
> > I made last December 10. I see nothing modified or removed since that
> > time. I cannot find an earlier backup, so I am not sure what may have
> > gone missing prior to December 10.
> > 
> > Can anyone clarify what versions are missing, or (better yet) provide
> > backups copies of the missing versions?
> > 
> > Thanks,
> > Dave
> 
> 
> 
> 
> 
> --
> Sent from: http://forum.world.st/Squeak-Dev-f45488.html
> 


More information about the Squeak-dev mailing list