Respository vandalism by root at ...fd.o
alan.coopersmith at oracle.com
Tue Nov 23 16:04:11 PST 2010
Frans de Boer wrote:
> On 11/24/2010 12:40 AM, Alan Coopersmith wrote:
>> Frans de Boer wrote:
>>> Just like to inquire whether the observed behavior was a real security
>>> breach - someone introducing (maybe over time) a backdoor or the like -
>>> or just sloppy behavior. In other words, can we still trust the xorg
>>> repositories or are they compromised in some way?
>>> People and companies depend on xorg functionality without backdoors or
>>> the like. At the first sign of xorg repositories being compromised, I
>>> have to pull the plug on systems relying on xorg functionality. Please
>>> make sure what really happened and then inform the community. this
>>> thread only give rise to fears without - so it seems - verified facts.
>> Yes, the original poster's announcement to the list in general and directly
>> to phoronix without notifying the developers or admins first seems to have
>> been designed to do exactly that - raise fears without facts.
> Hm, are you willing to put both your hands in the fire for this claim? I
> just note that you use the word "seems", which indicates to me that you
> are not sure either.
My only claim was about the method in which the issue was announced to
drum up maximum attention before investigation could be held.
> Assumptions might bring only more fear and/or uncertainly about the
> integrity of the xorg code.
I have already stated that we need the freedesktop.org admins to investigate.
I am not going to hinder their investigation or waste anyone's time second
guessing them in public.
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Platform Engineering: X Window System
More information about the xorg