
Re: Infrastructure back online?



On Fri, Jan 09, 2004 at 10:51:55PM -0500, Tim Cunningham wrote:
>On Sat, 10 Jan 2004 03:22:15 +0000
>Nick Boyce <nick@glimmer.demon.co.uk> wrote:
>> Which is the announcement about the November compromise.
>> That makes it sound like it _is_ a security issue .. 
>
>I think he meant that it wasn't important to maintaining the security of
>Debian.

maybe, but when I read this:

On Wed, Jan 07, 2004 at 06:54:32PM -0800, Matt Zimmerman wrote:
>On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote:
>
>> noticing the increasing amount of secure-adv I'd like to ask, whether the 
>> build-daemons are back or whether another issue is increasing the amount of 
>> advs rapidly.
>
>Everything is working again.

I have to think I'm either missing the meaning of everything or working.
esp when I look on packages.debian.org, which I would intuitively refer
to as the debian archive.

Does this mean everything is correctly under construction? -- and
I needn't worry about anything I cannot make sense of? (Things
will only get better now..) I certainly feel I'm being wedged into
the same corner as when I got security urgency=high updates before
security.debian.org was taken off line and an announcement that
debian.org was compromised. (Compulsion to audit _everything_.)  But I
did later learn that all that coincided with r2 (the new packages weren't
urgent and all the urgent packages were old updates), and therefore
I was current and safe through it, even though I didn't get an r2
announcement, or timely supplementary info. Maybe my nerves would have
been calmer if I was following IRC, where I guess the news was?

Hey, what happened, happened. My point is that even if there was no
more information or more timely distribution of technical facts, more
verbosity as to threat assessment, hypothesis and conclusion, would
have made a world of difference for the humans depending on the debian
integrity; via third party website or otherwise.

If that can be accepted, then my second observation is the complete
lack of post mortem commentary of the forensics used. What percentage
of debian users know how to mount -oloop a dd image? What _is_ the next
step?  In the spirit of GNU/debian I would hope the technical leads
would have some volition to mentor less skilled admins on the techniques
used to unwind the mess. I haven't _looked_ for post mortem notes but
I'm surprised not to have so much as heard that they are around.

// George

-- 
GEORGE GEORGALIS, System Admin/Architect    cell: 646-331-2027    <IXOYE><
Security Services, Web, Mail,            mailto:george@galis.org 
Multimedia, DB, DNS and Metrics.       http://www.galis.org/george 


