[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security incident on Alioth and other Alioth news

[ This is the last public response, just to let other potential volunteers
jump in, the rest of the discussion should continue between
admin@alioth.debian.org and the people interested to help ]

On Thu, 07 Sep 2006, Henrique de Moraes Holschuh wrote:
> I am not ordering anyone to do anything.  Sorry if it sounded like this, but
> on the other hand, I did not appreciate your sarcastic reply either, which
> is why I used a tongue-in-cheek tone.

Sorry if my mail sounded like sarcastic, it was just an honest answer of
the current situation.

> Well, what could I help you with that would allow Alioth to drop password
> logins?

Let's start discussing the consequences. Do other Alioth admins have a
problem changing this configuration?

(please keep hmh in the CC when replying to)

> > Are you volunteering to help us on a daily basis or are you only giving
> > orders to your fellow ?
> Sure I can help.  Please point me and other volunteers to where we can find
> a task list, and how do we coordinate with you guys.

Sorry I won't publish a public task list but I can tell any interested
individuals what we have to do (or rather what we should do).

Right now, the biggest part where you can help us is in the review of the
all web apps that are installed. I expect the difficult part is to come up
with a working single-host but multi-site configuration for each of those.
We'll certainly have to work with the maintainers of some of those
packages (when they are already packaged).

If some more volunteers would like to help, feel free to join.

Raphaël Hertzog

Premier livre français sur Debian GNU/Linux :

Reply to: