I just wanted to let you all know what's happening before I spam the list with lots of commits from the pent up changes on my disks :)
Following Joey's restoration of the debian-installer CVS, I have done a similar job for the debian-openoffice repository. I have verified that no files have been tampered with and removed all passwd entries except for read-only anonymous access. I happened to have a fairly recent tarball of the complete repo on my local trusted machine, that was taken on September 30. Rene & I manually checked over all changes in the CVS repository files since then (225 files changed, 31791 insertions, 6036 deletions), and then double checked by comparing a checkout of all files with our working directory snapshots from just before the compromise. I also removed the local copies of the loginfo scripts I had been using and changed to using new, audited versions. I have requested restoration of the repository directory, but I imagine the admins are still pretty busy. Until then people with shell access can reach it at :ext:gluck.debian.org:/home/halls/cvs/debian-openoffice. In the longer term we'll have to reconsider whether using CVS pserver is a good idea to continue using for write access. Chris
signature.asc
Description: This is a digitally signed message part
