[squeak-dev] Cryptography repository issue
Tobias Pape
Das.Linux at gmx.de
Sun Jan 28 18:30:47 UTC 2018
> On 28.01.2018, at 00:04, David T. Lewis <lewis at mail.msen.com> wrote:
>
> Actually, I can see by looking at a copy of the in-image repository that
> the missing versions are still in the squeaksource.com image. It appears
> that they are just marked as deleted, but they do not really go away.
>
> I have administrative access to the image, so I think I can do the undelete
> if that is the best approach.
It is :)
(That's what I meant recently when the issue from henry came up)
BTW: who deleted those versions?
> I'll wait for guidance from a Cryptography
> admin or developer before doing anything.
>
> Dave
>
> On Sat, Jan 27, 2018 at 05:46:46PM -0500, David T. Lewis wrote:
>> Thank you Paul, this is very helpful.
>>
>> Yes it does look like the missing Cryptography versions are safe and sound
>> in the smalltalkhub repository. The only things that appear to be missing
>> are the versions of Crytography prior to Cryptography-mtf.36. Everything else
>> seems to be in good order.
>>
>> I can also see that the missing versions are actually all still present on
>> the filesystem on squeaksource.com. They do not appear in the live repository,
>> but it turns out that the data files are still safely on disk, and could be
>> reloaded from there if needed.
>>
>> Dave
>>
>>
>> On Sat, Jan 27, 2018 at 12:43:29PM -0700, Paul DeBruicker wrote:
>>> I haven't deleted anything from the squeaksource repo but I did make a copy
>>> of it on smalltalkhub here:
>>>
>>>
>>>
>>> http://smalltalkhub.com/#!/~Cryptography/Cryptography
>>>
>>>
>>>
>>> Back when there was a threat that squeaksource was going away. Maybe it has
>>> the missing packages?
>>>
>>>
>>> MCHttpRepository
>>> location: 'http://smalltalkhub.com/mc/Cryptography/Cryptography/main'
>>> user: ''
>>> password: ''
>>>
>>>
>>>
>>> Hope this helps
>>>
>>>
>>> Paul
>>>
>>>
>>>
>>>
>>>
>>>
>>> David T. Lewis wrote
>>>> On Thu, Jan 25, 2018 at 07:23:23PM +0100, Levente Uzonyi wrote:
>>>>> Hi All,
>>>>>
>>>>> Most versions of the Cryptography package are missing from its
>>>>> repository[1].
>>>>> Does anyone know what happened to them? Is there a way to restore them?
>>>>>
>>>>> Levente
>>>>>
>>>>> [1]http://squeaksource.com/Cryptography.html
>>>>>
>>>>
>>>> Hi,
>>>>
>>>> I think that we did have an issue a while back with files being removed
>>>> from this repository.
>>>>
>>>> This is a serious concern, because the the repository contains VM plugins
>>>> in addition to the cryptography algorithms. We have no real protection
>>>> against any of these packages (including the plugins) being modified or
>>>> deleted. If it was anything other that cryptography, I would not worry,
>>>> but this seems like a particularly bad place for untraceable changes to
>>>> be happening.
>>>>
>>>> We also have updates appearing in this repository under various alias
>>>> user IDs, which normally would not be a big concern. But it does not
>>>> seem like a good idea in the area of security and crypto algorithms,
>>>> so I would ask that anyone contributing to this repository please make
>>>> your identity clear and traceable.
>>>>
>>>> I did a check today to compare the current repository to a backup that
>>>> I made last December 10. I see nothing modified or removed since that
>>>> time. I cannot find an earlier backup, so I am not sure what may have
>>>> gone missing prior to December 10.
>>>>
>>>> Can anyone clarify what versions are missing, or (better yet) provide
>>>> backups copies of the missing versions?
>>>>
>>>> Thanks,
>>>> Dave
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Sent from: http://forum.world.st/Squeak-Dev-f45488.html
>>>
>>
>
More information about the Squeak-dev
mailing list
|