[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: more details on the recent compromise of debian.org machines

On Fri, Nov 28, 2003 at 01:04:00AM +0000, James Troup wrote:
>                         Where do we go from here?
>                         -------------------------

> Unfortunately due to the fact there is (I believe) an unknown local
> root exploit in the wild, we can't yet unlock the Debian accounts.
> Obviously we can't continue without LDAP accounts for very long
> either.  At the moment I'd ask for a little more patience both a)
> while the painful and painstaking task of restoring machines one by
> one is completed and b) while we try and exhaust all reasonable
> avenues of investigation to determine how the attacker went from
> unprivileged to root.

Is the security-team also not operational currently? I.e. can they
build and upload packages to security.d.o? If they are not operational
it might make sense to announce this on security-announce.
                cu andreas

Reply to: