Respository vandalism by root at ...fd.o

Pat Kane pekane52 at gmail.com
Wed Nov 24 18:34:21 PST 2010 

  > .. we can go forward with development & releases

I agree.  Since Adam and Daniel did the right thing and admitted to the prank[1]
we can go forward with a release.

Pat
---

[1] admitting to making a blunder is hard to do, I know from personal
experience, so I
     think both Adam and Daniel have both shown good character.

On Wed, Nov 24, 2010 at 3:17 PM, Alan Coopersmith
<alan.coopersmith at oracle.com> wrote:
> So, wearing my X11R7.6 Release Manager hat, I am willing to accept
> that the git repositories are not known to be compromised by an
> outside actor, and that we can go forward with development & releases
> as normal.
>
> I had been quietly holding off on doing any more releases until the
> issue was investigated, but am now satisfied that we know with reasonable
> certainty how the "spigot" branch & "jerkcity" commit came to be in
> the radeonhd git repo.   While Adam & Daniel's judgment in making those
> was obviously unsound, I still feel I can rely on their integrity, so if
> they say this was an isolated incident and that no other repos were
> illicitly modified, I believe them.   (But then, I also have faith in
> git's sha1 hashes of commits to reinforce this and help us spot any
> unauthorized commits others may attempt to make, as discussed elsewhere
> in this thread.)
>
> Of course, when making releases I do look over the commits included,
> in order to judge what sort of version number increase is warranted
> by the changes included (i.e. version += 0.0.1 for configure script
> updates & janitorial cleanups, version += 0.1 for new features) and
> to be able to summarize the changes in the release announcements,
> so would hopefully spot any out-of-place commits and hope that other
> developers & maintainers are doing the same.
>
> (Before I get any more e-mail or IRC chatter berating me for downplaying
>  the seriousness of this issue, I am only addressing in this message my
>  personal opinion of whether we can go forward with using the git repos
>  on freedesktop.org as normal, not discussing the original action or its
>  repercussions outside the ability of the rest of us to get back to work.)
>
> --
>        -Alan Coopersmith-        alan.coopersmith at oracle.com
>         Oracle Solaris Platform Engineering: X Window System
>
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel
>

More information about the xorg-devel mailing list