Respository vandalism by root at ...fd.o

Luc Verhaegen libv at skynet.be
Tue Nov 23 07:27:38 PST 2010


On Tue, Nov 23, 2010 at 10:25:33AM -0500, Gaetan Nadon wrote:
> On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote:
> 
> > > It is clear that this is not a normal security breach, as this
> > commit is 
> > > fully in line with the naming scheme used by fd.o. Plus, given the 
> > > history of radeonhd, combined with who i think have root access,
> > makes 
> > > it seem quite likely that this was simply one of the people with
> > regular 
> > > root access.
> > 
> 
> I had noticed this appalling commit, looked around and came to the same
> conclusion.
> I had also received an e-mail alerting me about this commit. This is not
> a good use of our time.
> 
> The commit should actually be removed from the repository, or at least
> reverted, 
> to save other people from wasting time on this. Their wiki states that
> radeonhd is deprecated,
> which is fine, but that does not mean it should be crippled.
> 
> That would be the honorable thing to do for the author of this commit.
> I make mistakes, people tell me nicely, I fix them and life goes on.
> 
> Gaetan

Still, would you really want to trust your code to freedesktop.org after 
this, knowing that there's someone with root access pulling stunts like 
this?

Luc Verhaegen.


More information about the xorg-devel mailing list