[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Xen Security Notice 1 v1 - winpvdrvbuild.xenproject.org potentially compromised

To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx
From: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 15 Jul 2023 02:52:32 +0200
Cc: "Xen.org security team" <security@xxxxxxx>
Delivery-date: Sat, 15 Jul 2023 00:52:50 +0000
Feedback-id: i1568416f:Fastmail
List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>

On Fri, Jul 14, 2023 at 05:41:00PM +0000, Xen.org security team wrote:
> We have removed all previous binaries from:
> 
> https://xenbits.xen.org/pvdrivers/win/
> 
> A new set of drivers based on the current master branch
> (9.0-unstable) and built on a trusted environment have been uploaded
> on the same folder with the following hashes:

Thanks for providing some builds at this time, but I have few questions:
1. Can the directory structure be preserved? Specifically, it used to be
/pvdrivers/win/VERSION/*.tar, now the version subdirectory is gone.
2. Can the exact commit ids for each of the component be mentioned
explicitly?
3. Are there any plans for publishing (soon) re-builds of some released
version, instead of a development one? For example 9.0.0(*), or maybe also
8.2.2?

(*) BTW looking at repositories, I do not see 9.0.0 tag (there is only
9.0.0-rc1). Is the official 9.0.0 release the same as -rc1 ?

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab

Attachment: signature.asc
Description: PGP signature

Prev by Date: XENBUS-master - Build #246 - Unstable
Previous by thread: XENBUS-master - Build #246 - Unstable
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.