Respository vandalism by root at ...fd.o
Frans de Boer
frans at fransdb.nl
Tue Nov 23 16:11:54 PST 2010
On 11/24/2010 01:04 AM, Alan Coopersmith wrote:
> Frans de Boer wrote:
>> On 11/24/2010 12:40 AM, Alan Coopersmith wrote:
>>> Frans de Boer wrote:
>>>> Just like to inquire whether the observed behavior was a real security
>>>> breach - someone introducing (maybe over time) a backdoor or the like -
>>>> or just sloppy behavior. In other words, can we still trust the xorg
>>>> repositories or are they compromised in some way?
>>>> People and companies depend on xorg functionality without backdoors or
>>>> the like. At the first sign of xorg repositories being compromised, I
>>>> have to pull the plug on systems relying on xorg functionality. Please
>>>> make sure what really happened and then inform the community. this
>>>> thread only give rise to fears without - so it seems - verified facts.
>>> Yes, the original poster's announcement to the list in general and directly
>>> to phoronix without notifying the developers or admins first seems to have
>>> been designed to do exactly that - raise fears without facts.
>> Hm, are you willing to put both your hands in the fire for this claim? I
>> just note that you use the word "seems", which indicates to me that you
>> are not sure either.
> My only claim was about the method in which the issue was announced to
> drum up maximum attention before investigation could be held.
>> Assumptions might bring only more fear and/or uncertainly about the
>> integrity of the xorg code.
> I have already stated that we need the freedesktop.org admins to investigate.
> I am not going to hinder their investigation or waste anyone's time second
> guessing them in public.
Sorry, my email crossed yours I noticed. Please don't feel attacked or
the like. I just sit still and await any further 'real' news for now.
More information about the xorg