Re: [racket-users] Re: [racket-dev] Racket Package Server Security Vulnerabilities

[Laurent]

On Tue, Sep 22, 2015 at 1:14 PM, Laurent  wrote:

> Also, were the passwords salted?
>

Sorry, I pressed 'Send' too early: the website says the passwords are
stored in bcrypt format.

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [racket-users] Re: [racket-dev] Racket Package Server Security Vulnerabilities

[Laurent]

The server says that my package MrEd Designer (
http://pkgs.racket-lang.org/#[mred-designer] ) has been updated
on 9/21/2015, 2:55:41 PM but my last commit is from 2 years ago and I
haven't updated the package info in ages. The package description doesn't
look suspicious. Should I be worried or is it part of some maintenance task?

Laurent

On Tue, Sep 22, 2015 at 5:37 AM, Alexis King  wrote:

> > * Change your password on the http://pkgs.racket-lang.org site.
>
> For anyone confused about how to do this, I just spent a few minutes
> trying to figure it out, myself. You have to log out, then log back in with
> your email address and intentionally specify an incorrect password. The
> package server will send you an email with a code that you can use to reset
> your password to whatever you’d like.
>
> (It would be nice to have a “change password” button!)
>
> --
> You received this message because you are subscribed to the Google Groups
> "Racket Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to racket-users+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[racket-users] Re: [racket-dev] Racket Package Server Security Vulnerabilities

[Alexis King]

> * Change your password on the http://pkgs.racket-lang.org site.

For anyone confused about how to do this, I just spent a few minutes trying to 
figure it out, myself. You have to log out, then log back in with your email 
address and intentionally specify an incorrect password. The package server 
will send you an email with a code that you can use to reset your password to 
whatever you’d like.

(It would be nice to have a “change password” button!)

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.