> Seems to me that the first step is to prevent any new files being > added to central unless they have valid hashes and signatures to stop > the problem getting worse - or has that already been done?
This is being done. The signatures are checked, but the hashes currently aren't. That's a trivial rule addition that we'll likely have in place this week. The old rsyncs that allowed wide open crap is being phased out and people are increasingly going through one of the forges that provide the validation. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
