[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
GNUstep audit
From: |
Alexander Malmberg |
Subject: |
GNUstep audit |
Date: |
Thu, 11 Dec 2003 01:01:41 +0100 |
Hi,
Fortunately, although the 2003-09-16 tree savannah has made available
seems messed up, we have daily snapshots going back a while. Thus, I
made a huge diff between the 2003-10-26 snapshot of core/ (which, if the
compromise occurred ~2003-11-02, is safe) and the latest tree from
savannah and then checked it for unexpected/unsafe changes. I found
none. However, I think it would be good if someone else would also audit
core/.
(In particular, I can't find any malicious code in the win32 backend
changes, David Ayers's new tests in base/Testing/, or the mosx project
files, but I don't know what these are supposed to be, so extra checking
would be nice.)
The snapshot I compared against was:
7c133b68a81cb558076b105988fa65c9 core.20031026.tar.bz2
(confirmed same md5sum on all mirrors)
Also, Riccardo Mottola had a cvs tree from ~2003-10-22 around, and there
were no unexpected changes between it and the 2003-10-26 snapshot.
(All this is for core/; I haven't checked anything else yet.)
- Alexander Malmberg
- GNUstep audit,
Alexander Malmberg <=
- Re: GNUstep audit, Adam Fedor, 2003/12/11
- Re: GNUstep audit, Alexander Malmberg, 2003/12/11
- Re: GNUstep audit, Adam Fedor, 2003/12/11
- Re: GNUstep audit, Gregory John Casamento, 2003/12/12
- Re: GNUstep audit, Serg Stoyan, 2003/12/12
- Re: GNUstep audit, d.ayers, 2003/12/13
- Re[2]: GNUstep audit, Manuel Guesdon, 2003/12/15
- Re: GNUstep audit, Stefan Urbanek, 2003/12/11
- Re: GNUstep audit, Enrico Sersale, 2003/12/12
- Re: GNUstep audit, Enrico Sersale, 2003/12/12