[racket-dev] odd error message in race setup

From: Neil Van Dyke (neil at neilvandyke.org)
Date: Thu Mar 8 18:38:10 EST 2012

Previous message: [racket-dev] odd error message in race setup
Next message: [racket-dev] odd error message in race setup
Messages sorted by: [date] [thread] [subject] [author]

Probably mere coincidence, but GitHub has disclosed a security 
vulnerability of their service, which was exploited to target Rails 
developers and unnamed others: 
https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation

Neil Van Dyke wrote at 03/08/2012 06:32 PM:
> Robby Findler wrote at 03/08/2012 05:45 PM:
>> Looks like something is trying to ssh while building the docs?
>
> Can whoever figures this out let the list know, or email me 
> privately?  Thanks.
>
> If it turns out that a use of SSH made it into a *released* version of 
> Racket source, I might have to take a look at it, regardless of how 
> legitimate it is.
>
> (Looks like something is trying to SSH, and "localhost"'s fingerprint 
> disagrees with user's SSH "known_hosts".  So might have been going on 
> for a while, quietly, and only noticed now because of the unusual 
> situation of the fingerprint being different.  And noticed because 
> someone was paying attention to the "raco setup" logs (if that indeed 
> "raco setup" process was the source, rather than some other process 
> that just had a handle for the stdio/terminal).  I don't "grep" an 
> obvious use of SSH in the 5.2.1 sources I'm using right now.)

-- 
http://www.neilvandyke.org/

Posted on the dev mailing list.

Previous message: [racket-dev] odd error message in race setup
Next message: [racket-dev] odd error message in race setup
Messages sorted by: [date] [thread] [subject] [author]