Respository vandalism by root at ...fd.o

Frans de Boer frans at fransdb.nl
Tue Nov 23 15:11:39 PST 2010


On 11/23/2010 11:56 PM, Alan Cox wrote:
>> It's on a separate branch, not master.   (Doesn't mean it's right, just
>> that it's not actually going to cripple anything or waste time for anyone
>> who doesn't ask for it.)
>>     
> And how many other un-noticed commits did this person make ? Until you
> know that you have to assume a complete compromise.
>
> Alan
> _______________________________________________
> xorg at lists.freedesktop.org: X.Org support
> Archives: http://lists.freedesktop.org/archives/xorg
> Info: http://lists.freedesktop.org/mailman/listinfo/xorg
> Your subscription address: frans at fransdb.nl
>   
Just like to inquire whether the observed behavior was a real security
breach - someone introducing (maybe over time) a backdoor or the like -
or just sloppy behavior. In other words, can we still trust the xorg
repositories or are they compromised in some way?

People and companies depend on xorg functionality without backdoors or
the like. At the first sign of xorg repositories being compromised, I
have to pull the plug on systems relying on xorg functionality. Please
make sure what really happened and then inform the community. this
thread only give rise to fears without - so it seems - verified facts.

Frans.



More information about the xorg mailing list