Repository vandalism by root at ...fd.o

Alan Coopersmith alan.coopersmith at oracle.com
Tue Nov 23 16:04:11 PST 2010


Frans de Boer wrote:
> On 11/24/2010 12:40 AM, Alan Coopersmith wrote:
>> Frans de Boer wrote:
>>   
>>> Just like to inquire whether the observed behavior was a real security
>>> breach - someone introducing (maybe over time) a backdoor or the like -
>>> or just sloppy behavior. In other words, can we still trust the xorg
>>> repositories or are they compromised in some way?
>>>
>>> People and companies depend on xorg functionality without backdoors or
>>> the like. At the first sign of xorg repositories being compromised, I
>>> have to pull the plug on systems relying on xorg functionality. Please
>>> make sure what really happened and then inform the community. This
>>> thread only gives rise to fears without - so it seems - verified facts.
>>>     
>> Yes, the original poster's announcement to the list in general and directly
>> to phoronix without notifying the developers or admins first seems to have
>> been designed to do exactly that - raise fears without facts.
>>
>>   
> Hm, are you willing to put both your hands in the fire for this claim? I
> just note that you use the word "seems", which indicates to me that you
> are not sure either. 

My only claim was about the method in which the issue was announced to
drum up maximum attention before investigation could be held.

> Assumptions might bring only more fear and/or uncertainty about the
> integrity of the xorg code.

I have already stated that we need the freedesktop.org admins to investigate.
I am not going to hinder their investigation or waste anyone's time second
guessing them in public.

-- 
	-Alan Coopersmith-        alan.coopersmith at oracle.com
	 Oracle Solaris Platform Engineering: X Window System



