
Re: OK, may be not a hoax... (was Re: Hoax: Re: What up with www.debian.org ?)



on Fri, Nov 21, 2003 at 11:50:40AM -0800, Brian Nelson (pyro@debian.org) wrote:
> Arnt Karlsen <arnt@c2i.net> writes:
> 
> > On Fri, 21 Nov 2003 02:00:35 -0800, 
> > Brian Nelson <pyro@debian.org> wrote in message 
> >> > There should be an official announcement one way or the other soon.
> >> 
> >> Yes, within the next hour.
> >
> > ..www.debian.org and debian.org are both up, but still no statement at 
> > Fri Nov 21 14:27:28 CET 2003.
> 
> I guess you don't subscribe to debian-announce?

I guess debian-announce took four days to deliver to me.  What with 27k
subscribers, I wasn't far up enough on the queue.  I've seen mrtg graphs
of deliveries and queues for d-u the past few days, and they're not
pretty.



There was some discussion of this already with Manoj and others on IRC.
The upshot was that a disaster plan is needed, including communications
needs and some general plan, capability, or requirement that critical
announce lists be capable of being run on a jury-rigged basis if needed.

My specific suggestion:  reasonably current (say, within the past week)
subscriber lists for d-a and d-s-a be maintained off the primary Debian
mailservers, where critical people (listmaster, press, debian-leader)
can, if needed, make a broadcast announcement of trouble.  In a pinch
this could be done through a handcrafted alias within an MTA, or a shell
script.  The main requirement would be that a box with a sufficiently
high bandwidth connection to handle an outbound delivery be available.

Also to be addressed:  any special mitigation, cleanup, forensics, or
analysis steps which should be made.  I took the prophylactic precaution
of running "apt-get clean" on all my systems once I heard of the
compromise (unnecessary as it turns out), though others were asking what
if any security precautions they should take.



We did pretty well, considering murphy was down and with it all lists.
Between IRC, Slashdot, and several other news and web sites, _I_ had a
pretty good idea of what was going on (though I wasn't sure what if
anything I should do).  Others were markedly less informed.  I helped
get word out where I could.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   NPR:  Radio for between the ears:  http://www.npr.org/
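The jury-rigged broadcast suggested in the message above, as an added example
that is not part of the original post or of Debian's listmaster tooling: a
POSIX shell function that takes an off-site subscriber snapshot and a
pre-written announcement, normalises and de-duplicates the addresses, and
hands them to a sendmail-compatible MTA in batches so no single delivery
carries the whole list. The MTA path, the batch size, the envelope sender
and the example.invalid domain are assumptions; the subscriber file format
(one address per line, '#' comments) is also assumed, since the real d-a
snapshot format is not described in the thread.

```shell
#!/bin/sh
# Emergency list broadcast from an off-site subscriber snapshot.
# Added example, not Debian's own tooling. Assumptions:
#   - a sendmail-compatible binary (Postfix, Exim and sendmail all accept
#     "sendmail -i -f <envelope-sender> <rcpt>...") reachable via $SENDMAIL
#   - the snapshot is one address per line; blank lines and '#' comments are ignored
#   - the message file carries its own headers (From:, Subject:, ...) and body

broadcast() {
    list=$1
    msg=$2
    sendmail=${SENDMAIL:-/usr/sbin/sendmail}
    batch=${BATCH:-50}                                   # recipients per MTA call (assumed default)
    sender=${SENDER:-announce-bounces@example.invalid}   # envelope sender; bounces land here

    [ -r "$list" ] && [ -r "$msg" ] || {
        echo "usage: broadcast subscribers message" >&2
        return 2
    }
    # A subject-less emergency mail is exactly what gets taken for a hoax;
    # refuse to send one.
    grep -qi '^Subject:' "$msg" || {
        echo "message lacks a Subject: header" >&2
        return 2
    }

    work=$(mktemp -d) || return 1
    # Normalise the snapshot: drop comments and blanks, strip whitespace,
    # keep only lines shaped like an address, lower-case, de-duplicate.
    grep -v '^[[:space:]]*#' "$list" \
        | tr -d ' \t\r' \
        | grep -E '^[^@]+@[^@]+\.[^@]+$' \
        | tr 'A-Z' 'a-z' \
        | sort -u > "$work/rcpt"

    total=$(wc -l < "$work/rcpt" | tr -d ' ')
    # Chunk the list so one MTA invocation never carries more than $batch recipients.
    split -l "$batch" "$work/rcpt" "$work/chunk."
    sent=0
    for chunk in "$work"/chunk.*; do
        [ -f "$chunk" ] || continue
        # Addresses contain no whitespace after tr, so word-splitting $(cat) is safe here.
        "$sendmail" -i -f "$sender" $(cat "$chunk") < "$msg" || {
            echo "MTA failed after $sent/$total recipients" >&2
            rm -rf "$work"
            return 1
        }
        sent=$((sent + $(wc -l < "$chunk")))
        echo "sent $sent/$total" >&2
    done
    rm -rf "$work"
    echo "$total"     # recipient count on stdout, for callers and tests
}

# Stand-alone use: broadcast.sh subscribers.txt announcement.txt
if [ "$#" -eq 2 ]; then
    broadcast "$1" "$2"
fi
```

Progress goes to stderr and the recipient count to stdout, so the script can be
driven from cron or a one-off ssh session and its output checked afterwards.
Pointing SENDMAIL at a stub that only logs its arguments is a cheap way to
rehearse the procedure without mailing anyone, which is worth doing before the
day the primary list server is actually down.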
