diff options
author | Joey Hess <joey@kitenet.net> | 2014-09-18 18:24:20 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2014-09-18 18:24:20 -0400 |
commit | 396fb3adf59852ba4885c82c4d8324ed9238a4bd (patch) | |
tree | 73df3dcf3159e2be9beed956603e4d0af97f222b /doc/devblog/day_221__another_fine_day_of_bugfixing.mdwn | |
parent | 2df9a6f1c9eff911cf27ab788cb28c78f6d20535 (diff) |
devblog
Diffstat (limited to 'doc/devblog/day_221__another_fine_day_of_bugfixing.mdwn')
-rw-r--r-- | doc/devblog/day_221__another_fine_day_of_bugfixing.mdwn | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/devblog/day_221__another_fine_day_of_bugfixing.mdwn b/doc/devblog/day_221__another_fine_day_of_bugfixing.mdwn new file mode 100644 index 000000000..0c26f5735 --- /dev/null +++ b/doc/devblog/day_221__another_fine_day_of_bugfixing.mdwn @@ -0,0 +1,10 @@ +Working through the forum posts and bugs. Backlog is down to 95. + +Discovered the first known security hole in git-annex! +Turns out that S3 and Glacier remotes that were configured with embedcreds=yes and encryption=pubkey or encryption=hybrid +didn't actually encrypt the AWS credentials that get embedded into the git +repo. This doesn't affect any repos set up by the assistant. + +I've fixed the problem and am going to make a release soon. +If your repo is affected, see +[[upgrades/insecure_embedded_creds]] for what to do about it. |