Respository vandalism by root at ...fd.o

Luc Verhaegen libv at skynet.be
Tue Nov 23 22:31:38 PST 2010


On Tue, Nov 23, 2010 at 03:36:58PM -0800, Alan Coopersmith wrote:
> Alan Cox wrote:
> >> It's on a separate branch, not master.   (Doesn't mean it's right, just
> >> that it's not actually going to cripple anything or waste time for anyone
> >> who doesn't ask for it.)
> > 
> > And how many other un-noticed commits did this person make ? Until you
> > know that you have to assume a complete compromise.
> 
> Understood, but you'll also understand that's something we have to ask the
> freedesktop.org admins to investigate.   Like most X.Org developers, I
> can't even login to the server hosting git other than with the restricted
> shell used for git pushes.

See, this was exactly the problem here. It _was_ a freedesktop admin. 
And it was pretty clear that it was that from the onset too. Mailing 
fd.o admins, even if i could've dug up an email address in the split 
second that i wrote the email (heck, i even mistyped repository), was 
not the right course of action.

Luc Verhaegen.


More information about the xorg-devel mailing list