[jdev] Re: IMPORTANT: JSF/JabberStudio Service Update

[David Waite]

My understanding is that arch changeset signing does not do external
checkpointing, which means nothing prevent removal of changesets (i.e.
removal of a security update). I would still recommend verifying your
history for any missing security changes.

-David Waite

On Wed, 26 Jan 2005 17:15:38 -0800, Neil Stevens <neil at hakubi.us> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Wednesday 26 January 2005 12:49 pm, Peter Saint-Andre wrote:
> > Developers who use JabberStudio for their projects MUST follow the
> > instructions posted at http://www.jabberstudio.org/ in order to validate
> > their code. Only validated code will be restored to JabberStudio! If you
> > have questions about the JabberStudio service, please direct them to
> > Thomas Muldowney (a.k.a. temas).
> 
> Just a piece of advice to developers:  The use of signed patches like those
> created by GNU Arch ( http://www.gnu.org/software/gnu-arch/ ) provide a
> level of data integrity and protection that a system like CVS does not.
> If you use a known and signed GnuPG ( http://www.gnupg.org/ ) key to sign
> all your code, someone who breaks into your server can't change anything
> without the change being detected.
> 
> So, if you're using CVS and don't like having to worry if your code got
> changed, try using something else instead!  A system like GNU Arch is more
> flexible in its branch management and multi-developer development, too, so
> there could be benefits beyond data integrity, too.  It's worth a try,
> anyway.
> 
> - --
> Neil Stevens - neil at hakubi.us
> 
> 'A republic, if you can keep it.' -- Benjamin Franklin
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (FreeBSD)
> 
> iD8DBQFB+EDBf7mnligQOmERArQQAJ4/AOfP9h49j4XF97wDu83xXqp/BQCfRqNG
> glZGBaFH6/jTJAtuBDebCeU=
> =0zTg
> -----END PGP SIGNATURE-----
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mail.jabber.org/mailman/listinfo/jdev
>