Respository vandalism by root at ...fd.o

Luc Verhaegen libv at skynet.be
Tue Nov 23 08:35:45 PST 2010


On Tue, Nov 23, 2010 at 08:32:10AM -0800, Alan Coopersmith wrote:
> Gaetan Nadon wrote:
> > On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote:
> >> > It is clear that this is not a normal security breach, as this
> >> commit is
> >> > fully in line with the naming scheme used by fd.o. Plus, given the
> >> > history of radeonhd, combined with who i think have root access, makes
> >> > it seem quite likely that this was simply one of the people with
> >> regular
> >> > root access.
> >>
> > I had noticed this appalling commit, looked around and came to the same
> > conclusion.
> > I had also received an e-mail alerting me about this commit. This is not
> > a good use of our time.
> > 
> > The commit should actually be removed from the repository, or at least
> > reverted,
> > to save other people from wasting time on this. Their wiki states that
> > radeonhd is deprecated,
> > which is fine, but that does not mean it should be crippled.
> 
> It's on a separate branch, not master.   (Doesn't mean it's right, just
> that it's not actually going to cripple anything or waste time for anyone
> who doesn't ask for it.)
> 
> The last update on the radeonhd master branch is 6 months ago.

Sure, it's a separate branch.
Sure, you can easily remove the branch.

But the base fact is: someone took advantage of his fd.o admin rights to 
do this.

Luc Verhaegen.



More information about the xorg mailing list