From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev-return-5541-arch-gentoo-dev=gentoo.org@gentoo.org>
Received: (qmail 4699 invoked by uid 1002); 13 Aug 2003 19:08:53 -0000
Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-dev@gentoo.org>
List-Help: <mailto:gentoo-dev-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-dev-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@gentoo.org
Received: (qmail 2012 invoked from network); 13 Aug 2003 19:08:53 -0000
From: Fred Van Andel <fava@gentoo.org>
To: gentoo-dev@gentoo.org
Date: Wed, 13 Aug 2003 12:08:52 -0700
In-Reply-To: <20030813112257.9B99BA3C.fava@gentoo.org>
References: <1060793784.24922.2243.camel@simple> <20030813112257.9B99BA3C.fava@gentoo.org>
Message-Id: <20030813120852.64663800.fava@gentoo.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: nPOP Ver 1.0.0
Subject: Re: [gentoo-dev] The Free Software Foundation's FTP site at ftp.gnu.org has been"compromised"
X-Archives-Salt: 46c88160-1f6b-428b-850e-d85bf292826c
X-Archives-Hash: 004e91a87f24acf5dd03225d60773345

Fred Van Andel <fava@gentoo.org> wrote:
(08/13/2003 11:22)

>Ned Ludd <solar@gentoo.org> wrote:
>(08/13/2003 09:56)
>
>>After reading that it would be great if one of our list readers could
>>gather all the md5sums for matching packages that we support.
>>
>>http://ftp.gnu.org/MISSING-FILES
>
>The current distfile mirrors currently contain about 90 of the mentioned files, they are listed below.  I am currently checking the the md5 in portage against the ones that I calculated about a month ago. If someone could check the dates to see how many of these files arrived on our system before mid march we could rule them safe.

I am talking to myself here but whatever.

All the MD5's that I calculated about a month ago match the MD5's that are given in portage (which would have been created at the time the ebuild was created).  This does not mean that those files are safe, it just means they have not been altered between the ebuild creation and a month ago   If the MD5's were different we would need to do some very carefull checking.

I dont have time now (I am at work) but can someone check the dates of the affected files to see if they are potentially suspect?

Fred Van Andel
fava@gentoo.org
GPG KeyID: 76526AD599455482  
GPG fingerprint: 64E4 4BAB 9C99 D565 3E3C F5D0 7652 6AD5 9945 5482


--
gentoo-dev@gentoo.org mailing list