After a long day and night we are getting a reasonable overview of what happened to the various Debian servers and what we need to do to get everything up and running again. This mail has an overview of the current status and what will happen in the next few days. Lets start with the current status: four machines (gluck, klecker, master and murphy) are known to be compromised. All services on those machines have been shut down or moved to different machines so we can take the necessary time to determine what happened and restore the machines. Shell access to quantz (which hosts alioth, arch and svn.debian.org) has also been shut down for the moment as a preventive measure. All accounts have been locked as a safety precaution. If you have or had access to a Debian machine and were using the same password on other machines you are strongly advised to change it as soon as possible. When the cleanup is done all passwords will be invalidated and accounts unlocked and people can request a new password through the email robot on db.debian.org . We expect to need until Wednesday and ask for your patience until then. Afterwards when we have all the facts we will explain what exactly happened and how we hope to prevent this from happening again in the future. Wichert. -- Wichert Akkerman <email@example.com> It is simple to make things. http://www.wiggy.net/ It is hard to make things simple.
Description: PGP signature