Phil Hagelberg writes: > If you run a private proxying internal repository for your company, you > can help us verify checksums. I'll be posting a follow-up soon with some > code you can use to calculate and publish checksums so we can > investigate discrepancies.
Update: Hugo Duncan pointed out that the Clojars search indices contain checksums in them, so I've written a script to verify a repository against a copy of the index I have from the 22nd of April. https://github.com/technomancy/clojars-verify/blob/daa26b39341b6d9dae54269ca0ac127eb0bb90c8/src/clojars/verify.clj However, this gets me a huge number of false negatives (~39%) for unknown reasons, so we'll be falling back to the original plan of verification from old copies. We have a few sources of backups from before the compromise, but if anyone else has a copy of the repository from before the first of April it wouldn't hurt to have additional sources of verification. Please contact me by email or on IRC in the #leiningen freenode channel if so. thanks, Phil -- -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
