
Re: [debian-devel] Re: more details on the recent compromise of debian.org machines



My mail client believes that Matt Zimmerman wrote the following:
> On Fri, Nov 28, 2003 at 10:08:45AM +0100, Bernd Eckenfels wrote:
> 
> > In the final announcement I would add also a statement about reducing the
> > number of trust relations between the machines and perhaps limiting shell
> > access.
> 
> It seems fairly clear that this was not an issue because the compromised
> user had accounts on all of the relevant systems.

It occurs to me that
-limiting shell access did save one machine for some time
-this machine had been compromised using a trust relationship
	between it and another compromised debian machine

The question (as ever):
	What is the good balance between security (limiting access
	and trust relationship in this case), and efficiency of processes
	(debian developers' work in this case)?

I demand that the above may or may not mean that trust relationships
and shell access should be restricted, but certainly means that the
possibility and impacts of such measures should be thought about.

-- 
GNU GPL: only from a pure source


