Hi All, I just got off the phone with Kenneth Schwartzman of Collab Net. Kenneth reports the IT Engineering team investigated my report and found no evidence to support a security breach.
The unexpected download behaviors I reported previously are now believed to be a consequence of MIME type information supplied by Apache 2.0 being acted upon differently by various browsers. Collab Net IT Engineering, Mark Baushke, Larry Jones and I all support this hypothesis. Collab Net IT Engineering understands the desirability of having a download content authentication method in place and will focus attention on this issue after completing more pressing issues. I'm closing this topic thread and will continue the issue as "Binary File Download Authentication" on the "Bug-CVS" list. I'm sorry for any inconvenience this false alarm may have caused but a prior recent successful breach made it seem prudent to raise an alarm even though only incomplete information was available. Best regards, Conrad T. Pino _______________________________________________ Info-cvs mailing list [email protected] http://lists.gnu.org/mailman/listinfo/info-cvs
