Hi all, The fuss about malicious changes to code on Github has probably not escaped your attention.
In case you haven't noticed I'm extremely cautious about commits to the BackupPC repositories so I'd like to think that there's no risk at all that something like these attacks would succeed. But in any case I've compared the Github repositories for backuppc, backuppc-xs and rsync-bpc with local safe copies to check that no unauthorized changes have been made to the three BackupPC repositories. In addition I have also scanned these repositories for indicators of compromise that have been published in some of the incident reports, plus a couple more of my own devising. You'll be pleased to know that no indicator of compromise was found. I plan that the next commit will be to rsync-bpc. It should be fairly soon and it will be rather a big one as it will be changing from a base rsync version of 3.1.3 to a base of 3.4.1. I thought you'd like to be forewarned of the upcoming unusually large commit, so that in troubled times it doesn't raise undue suspicions. I'd still be pleased to hear from anyone interested in testing the new rsync-bpc version. There's been quite a bit of testing since January, so the caveat that I made back then - that the new version might crash and burn - can now (I think:) be disregarded. -- 73, Ged. _______________________________________________ BackupPC-users mailing list [email protected] List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
