Re: (unofficial) Debian project list status

To: debian-user@lists.debian.org
Subject: Re: (unofficial) Debian project list status
From: Hugo Vanwoerkom <hvw59601@care2.com>
Date: Tue, 25 Nov 2003 07:06:27 -0600
Message-id: <[🔎] bpvk4j$9e8$1@sea.gmane.org>
In-reply-to: <[🔎] 20031125104852.GK12945@ix.netcom.com>
References: <[🔎] 20031125104852.GK12945@ix.netcom.com>

Karsten M. Self wrote:

I've been lurking on the #debian-devel IRC channel, some info on lists.
This is an unofficial informational posting.


If you weren't already aware, several Debian project servers were
compromised by what appears to have been a password capture through one
of the Debian Developers.  This includes murphy, the listserver.  Debian
archives do _not_ appear to have been compromised.  More details will be
forthcoming through official sources.


  - Lists are processing again.

  - There's an adminstrative hold on messages posted between when the
    lists went down and were brought up again.  Depending on your
    timezone -- late Thursday the 20th through late Monday the 24th.  If
    you desperately need to see your message(s) posted, you might
    resubmit.  Expect some out-of-order delivery for a while.

  - There was a postfix upgrade which may be related to the above.

  - Things may be a little shakey for a few days yet, so be patient.
    Systems are being rebuilt from scratch, developers are resetting
    passwords and ssh access, and a lot of people are checking personal
    and project systems.


Pascal Hakim (listmaster for the Debian project) may have more to say
but is holding off until he can speak more authoritatively (I've clearly
got no such scruples).



Overall the response and speed of disclosure by the Debian project team
is commendable.  For updates:

    Back online, with informational links.

http://www.debian.org/

    Out-of-band information on the exploit, affected systems,

cleanup/detection procedures,http://www.wiggy.net/debian/

    Major informational sites:
    http://slashdot.org/
    http://lwn.net/
    http://www.sourceforge.net/


    IRC:  *READ THE TOPIC BEFORE ASKING QUESTIONS!  </please>

irc://irc.debian.org/#debianirc://irc.freenode.net/#debian


You might want to check that you're subscribed to debian-announce and/or
debian-security-announce.  Some notifications were posted to these lists
before murphy went down, not all subscribers saw these apparently.


Again, this is unofficial, though I've had some dd's look over the
bullet points above.  Thought it would be useful to subscribers.


Peace.

Great to see you back. Was an interesting experience: PC's are nothingwithout Debian...


Hugo.

Reply to:

Follow-Ups:
- Re: (unofficial) Debian project list status
  - From: "Karsten M. Self" <kmself@ix.netcom.com>

References:
- (unofficial) Debian project list status
  - From: "Karsten M. Self" <kmself@ix.netcom.com>

Prev by Date: wps -format?
Next by Date: Re: Anaconda, where's the beef?
Previous by thread: Re: (unofficial) Debian project list status
Next by thread: Re: (unofficial) Debian project list status
Index(es):
- Date
- Thread