Re: (unofficial) Debian project list status

To: debian-user <debian-user@lists.debian.org>
Subject: Re: (unofficial) Debian project list status
From: Clive Menzies <clive@clivemenzies.co.uk>
Date: Tue, 25 Nov 2003 15:48:53 +0000
Message-id: <[🔎] 20031125154853.GF789@apollo>
Mail-followup-to: debian-user <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20031125104852.GK12945@ix.netcom.com>
References: <[🔎] 20031125104852.GK12945@ix.netcom.com>

On (25/11/03 02:48), Karsten M. Self wrote:
> I've been lurking on the #debian-devel IRC channel, some info on lists.
> This is an unofficial informational posting.
> 
> 
> If you weren't already aware, several Debian project servers were
> compromised by what appears to have been a password capture through one
> of the Debian Developers.  This includes murphy, the listserver.  Debian
> archives do _not_ appear to have been compromised.  More details will be
> forthcoming through official sources.
> 
> 
>   - Lists are processing again.
> 
>   - There's an adminstrative hold on messages posted between when the
>     lists went down and were brought up again.  Depending on your
>     timezone -- late Thursday the 20th through late Monday the 24th.  If
>     you desperately need to see your message(s) posted, you might
>     resubmit.  Expect some out-of-order delivery for a while.
> 
>   - There was a postfix upgrade which may be related to the above.
> 
>   - Things may be a little shakey for a few days yet, so be patient.
>     Systems are being rebuilt from scratch, developers are resetting
>     passwords and ssh access, and a lot of people are checking personal
>     and project systems.
> 
> 
> Pascal Hakim (listmaster for the Debian project) may have more to say
> but is holding off until he can speak more authoritatively (I've clearly
> got no such scruples).
> 
> 
> 
> Overall the response and speed of disclosure by the Debian project team
> is commendable.  For updates:
> 
>     Back online, with informational links.
>     http://www.debian.org/  
> 
>     Out-of-band information on the exploit, affected systems,
>     cleanup/detection procedures, 
>     http://www.wiggy.net/debian/ 
> 
>     Major informational sites:
>     http://slashdot.org/
>     http://lwn.net/
>     http://www.sourceforge.net/
> 
> 
>     IRC:  *READ THE TOPIC BEFORE ASKING QUESTIONS!  </please>
>     irc://irc.debian.org/#debian   
>     irc://irc.freenode.net/#debian   
> 
> 
> You might want to check that you're subscribed to debian-announce and/or
> debian-security-announce.  Some notifications were posted to these lists
> before murphy went down, not all subscribers saw these apparently.
> 
> 
> Again, this is unofficial, though I've had some dd's look over the
> bullet points above.  Thought it would be useful to subscribers.

Thanks Karsten

There didn't seem to be much news available other than the story dated
21 Nov on slashdot.  The weekend was something of a black hole ;)

Regards

Clive

-- 
http://www.clivemenzies.co.uk
strategies for business

Reply to:

References:
- (unofficial) Debian project list status
  - From: "Karsten M. Self" <kmself@ix.netcom.com>

Prev by Date: Re: finding what is using a mount point
Next by Date: Re: *plonk* Re: Code of Conduct (was Re: Totally [OT] Re: Opium)
Previous by thread: (unofficial) Debian project list status
Next by thread: Re: (unofficial) Debian project list status
Index(es):
- Date
- Thread