Respository vandalism by root at ...fd.o

Maarten Maathuis madman2003 at gmail.com
Tue Nov 23 07:34:52 PST 2010


On Tue, Nov 23, 2010 at 4:27 PM, Luc Verhaegen <libv at skynet.be> wrote:
> On Tue, Nov 23, 2010 at 10:25:33AM -0500, Gaetan Nadon wrote:
>> On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote:
>>
>> > > It is clear that this is not a normal security breach, as this
>> > commit is
>> > > fully in line with the naming scheme used by fd.o. Plus, given the
>> > > history of radeonhd, combined with who i think have root access,
>> > makes
>> > > it seem quite likely that this was simply one of the people with
>> > regular
>> > > root access.
>> >
>>
>> I had noticed this appalling commit, looked around and came to the same
>> conclusion.
>> I had also received an e-mail alerting me about this commit. This is not
>> a good use of our time.
>>
>> The commit should actually be removed from the repository, or at least
>> reverted,
>> to save other people from wasting time on this. Their wiki states that
>> radeonhd is deprecated,
>> which is fine, but that does not mean it should be crippled.
>>
>> That would be the honorable thing to do for the author of this commit.
>> I make mistakes, people tell me nicely, I fix them and life goes on.
>>
>> Gaetan
>
> Still, would you really want to trust your code to freedesktop.org after
> this, knowing that there's someone with root access pulling stunts like
> this?
>
> Luc Verhaegen.
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel
>

It's obvious the person must be found, and regardless of whether the
person is found, change the root password and only tell those who are
known to be trustworthy still.

-- 
Far away from the primal instinct, the song seems to fade away, the
river get wider between your thoughts and the things we do and say.


More information about the xorg-devel mailing list