helium.ruby-lang.org was cracked

Discussion in 'Ruby' started by Shugo Maeda, May 29, 2004.

  1. Shugo Maeda

    Shugo Maeda Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    = helium.ruby-lang.org was cracked

    May 29 2004

    Thanks for using services at ruby-lang.org.

    On Fri May 28, we found that someone cracked helium.ruby-lang.org
    via CVS.

    Fortunately, the cvs process was running in the chroot environment,
    so the affects to other services/contents were not so probable, but
    we are confirming it now.
    Currently there are no interpolations found out of the chroot
    environment.

    The most worrisome contents are the CVS repositories, but these
    distributions are not affected at least.

    5d52c7d0e6a6eb6e3bc68d77e794898e ruby-1.8.1.tar.gz
    bf48d49dbd94b5c0eda5f75b3bfbac16 ruby-1.6.8.tar.gz

    The mailing list services are restarted, but CVS/WWW/FTP/RSYNC
    are stopped yet, sorry.

    Further information will be provided on http://www.ruby-lang.org/.
    For more information, send mail to please.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFAuDstZ3GizHGDKdwRAtgjAKCR84HECIzMmVN7VqQmc5LVMaRAXQCdG3rx
    lJTsmUhbEVAPkeWErVEHbig=
    =67cw
    -----END PGP SIGNATURE-----
    Shugo Maeda, May 29, 2004
    #1
    1. Advertising

  2. Shugo Maeda wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    >[...]
    > On Fri May 28, we found that someone cracked helium.ruby-lang.org
    > via CVS.
    >[...]
    > The most worrisome contents are the CVS repositories, but these
    > distributions are not affected at least.
    >
    > 5d52c7d0e6a6eb6e3bc68d77e794898e ruby-1.8.1.tar.gz
    > bf48d49dbd94b5c0eda5f75b3bfbac16 ruby-1.6.8.tar.gz
    >[...]


    Do we know if the stable-snapshot in CVS was modified?

    I noticed when I installed stable-snapshot recently, the version number
    was 1.8.2 instead of 1.8.1.

    Isn't the snable-snapshot supposed to be 1.8.1 too until 1.8.2 is
    officially released?
    Randy Lawrence, May 30, 2004
    #2
    1. Advertising

  3. Hi,

    Randy Lawrence wrote:
    > Do we know if the stable-snapshot in CVS was modified?


    No. We are still working for checking. For now, confirmed versions are
    only official releases of 1.6.8 and 1.8.1.

    > I noticed when I installed stable-snapshot recently, the version number
    > was 1.8.2 instead of 1.8.1.
    >
    > Isn't the snable-snapshot supposed to be 1.8.1 too until 1.8.2 is
    > officially released?


    Stable-snapshots released at ruby-lang.org have a version string "1.8.2"
    since 2004-05-14T21:26:15+00:00. In ruby, once matz decided to prepare
    an official release, he incremented version.h. And preparing the
    official release generally takes a few weeks/months.

    Regards,
    // NaHi
    NAKAMURA, Hiroshi, May 31, 2004
    #3
  4. NAKAMURA, Hiroshi wrote:
    > Hi,
    >
    > Randy Lawrence wrote:
    >
    >> Do we know if the stable-snapshot in CVS was modified?

    >
    >
    > No. We are still working for checking. For now, confirmed versions are
    > only official releases of 1.6.8 and 1.8.1.
    >
    >> I noticed when I installed stable-snapshot recently, the version
    >> number was 1.8.2 instead of 1.8.1.
    >>
    >> Isn't the snable-snapshot supposed to be 1.8.1 too until 1.8.2 is
    >> officially released?

    >
    >
    > Stable-snapshots released at ruby-lang.org have a version string "1.8.2"
    > since 2004-05-14T21:26:15+00:00. In ruby, once matz decided to prepare
    > an official release, he incremented version.h. And preparing the
    > official release generally takes a few weeks/months.
    >
    > Regards,
    > // NaHi
    >
    >


    Thanks.

    In general, is stable-snapshot more reliable (bug-free) than the release
    version?
    Randy Lawrence, May 31, 2004
    #4
  5. Hi,

    First of all, you haven't find any evidence of CVS repository
    modification by the crackers after investigation, although we can't
    prove 100%. I think you can trust your stable snapshot.

    In message "Re: helium.ruby-lang.org was cracked"
    on 04/05/31, Randy Lawrence <> writes:

    |In general, is stable-snapshot more reliable (bug-free) than the release
    |version?

    Yes.

    matz.
    Yukihiro Matsumoto, May 31, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. HD-DVD key cracked.

    , May 2, 2007, in forum: C++
    Replies:
    5
    Views:
    338
    =?iso-8859-1?q?Erik_Wikstr=F6m?=
    May 9, 2007
  2. Shugo Maeda
    Replies:
    0
    Views:
    78
    Shugo Maeda
    Jul 22, 2004
  3. PerlFAQ Server
    Replies:
    0
    Views:
    677
    PerlFAQ Server
    Feb 3, 2011
  4. PerlFAQ Server
    Replies:
    0
    Views:
    680
    PerlFAQ Server
    Apr 4, 2011
  5. Michael Herrmann
    Replies:
    2
    Views:
    95
    Michael Herrmann
    Dec 16, 2013
Loading...

Share This Page