commons-cactus is clean as I have been comparing it several time with local
copies on my hard disk that dated before the intrusion.
-Vincent
----- Original Message -----
From: "Waldhoff, Rodney" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, June 23, 2001 3:05 AM
Subject: FW: final roundup of security audit of source code
> We should probably do something about this.
>
> I don't think jakarta-commons-sandbox matters much as far as this is
> concerned. Any problems created there should be detected when moving that
> stuff into jakarta-commons proper, so maybe we could just call that
"clean"
> or "not relevant"?
>
> For jakarta-commons, I guess should we handle this on a per-component
basis
> and then report back up when we're all done? I couldn't begin to tell you
> which changes to Cactus are the right ones, for example.
>
> I'm pretty sure http-client and collections are clean since I've been
using
> rather recent versions of both on a daily basis, but to be honest I
haven't
> done a manual diff against the "pre-hack" directories.
>
> -----Original Message-----
> From: Brian Behlendorf [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 19, 2001 8:17 PM
> Subject: final roundup of security audit of source code
>
> According to http://www.apache.org/info/20010519-hack.html, the following
> CVS modules have still not yet been audited conclusively:
>
> httpd-win32-msi
> jakarta-alexandria
> jakarta-commons
> jakarta-commons-sandbox
> jakarta-slide
> jakarta-taglibs
> jakarta-tomcat-jasper
> jakarta-tomcat-site
> jakarta-tools
> jakarta-turbine-jyve
> jakarta-turbine-orgami
> tcl-core
> xml-admin
> xml-axis
> xml-cocoon (in progress)
> xml-core
> xml-site
> xml-xalan (Xalan-J 1.x project -
inactive,
> could be removed?)
> xml-xalan\c
> xml-xalan\java DTM_EXP branch ???
>
> If people within these groups could make a concerted effort to check these
> over so we can close this out, I'd appreciate it. That way I can remove
> the /home/cvs-prehack dir, modify the news blurb on the front page, etc.
>
> We are also pulling some backups to restore a directory that was
> accidentally removed (unrelated to the hack) from an older backup, so if
> we need to get other files, now would be a good time.
>
> Thanks!
>
> Brian
>
>
>