shibboleth-dev - Shibboleth cvs announcement
Subject: Shibboleth Developers
List archive
- From:
- To: ,
- Subject: Shibboleth cvs announcement
- Date: Tue, 1 Jun 2004 12:28:20 -0400
The machine holding the cvs that contains the Shibboleth source was compromised on May 21. The situation was discovered on May 24, and the machine was immediately shut down. Needless to say, we treated this incident as an extremely serious situation. However, after extensive investigation and forensics, we are convinced that we know when the incident occurred, how the breakin occurred, and -- most importantly -- are convinced that the Shibboleth code was not compromised. The machine has been completely rebuilt, using backup tapes that predate the incident
We have now posted *final final* tarballs to http://wayf.internet2.edu/shibboleth/ .We would encourage EVERYONE using a previous version of Shibboleth v1.2 to move to the final version. This will make it much easier for us to answer questions, and will ensure consistent behavior among sites running Shib 1.2.
Our cvs is currently NOT available for anonymous access. However, we are working with the sysadmins, and hope to restore this functionality soon.
We are distributing this announcement to let people know that this incident occurred... However, as noted previously, we are SURE that it has had no effect on the Shibboleth source that we are currently using. If there are any issues or concerns, please contact us.
Thank you for your interest in Shibboleth, and your support! We're sorry that this incident delayed the final release of Shibboleth 1.2. However, we're sure people will understand why we delayed the release, while investigating the incident.
- Shibboleth cvs announcement, Steven_Carmody, 06/01/2004
Archive powered by MHonArc 2.6.16.