Repository vandalism by root at ...fd.o

Frans de Boer frans at fransdb.nl
Tue Nov 23 15:56:15 PST 2010


On 11/24/2010 12:40 AM, Alan Coopersmith wrote:
> Frans de Boer wrote:
>   
>> Just like to inquire whether the observed behavior was a real security
>> breach - someone introducing (maybe over time) a backdoor or the like -
>> or just sloppy behavior. In other words, can we still trust the xorg
>> repositories or are they compromised in some way?
>>
>> People and companies depend on xorg functionality without backdoors or
>> the like. At the first sign of xorg repositories being compromised, I
>> have to pull the plug on systems relying on xorg functionality. Please
>> make sure what really happened and then inform the community. This
>> thread only gives rise to fears without - so it seems - verified facts.
>>     
> Yes, the original poster's announcement to the list in general and directly
> to phoronix without notifying the developers or admins first seems to have
> been designed to do exactly that - raise fears without facts.
>
>   
Hm, are you willing to put both your hands in the fire for this claim? I
just note that you use the word "seems", which indicates to me that you
are not sure either. Maybe just scrutinize the repository for integrity
reasons and notify freedesktop.org of an assumed (but not yet confirmed)
breach (if not done already). Also, ask developers to cross reference
their code with the repository on freedesktop.org.
Assumptions might bring only more fear and/or uncertainty about the
integrity of the xorg code.

Frans.


