Repository vandalism by root at ...fd.o

Alan Coopersmith alan.coopersmith at
Wed Nov 24 07:24:21 PST 2010

Eirik Byrkjeflot Anonsen wrote:
> 2. What systems do we have in place that enable us to detect "evil
>    commits" once they actually make their way into the repository?  What
>    is the probability that they will be noticed?  Can we do anything to
>    increase this probability?

Distributed version control.  Developers should notice when attempting to push
to git if head had changed unexpectedly.  I'm sure Google can find you some
background reading about how this works in git.

> 3. When incidents are detected (break-ins, abuse of admin rights, evil
>    commits, what have you...), what processes are in place to deal with
>    this?  What information is published, and in which fora, and when?
>    What investigations are performed, and what actions are carried out
>    as a result of such investigations?  Where are these processes
>    documented?

Those would be questions for our hosting provider,
X.Org does not control the machines.   There is a large
overlap in the groups, but we do not have the authority to speak for them.

	-Alan Coopersmith-        alan.coopersmith at
	 Oracle Solaris Platform Engineering: X Window System
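
Added example, not part of the original message: a sketch of the check the reply describes, comparing the branch tip a clone last saw with the tip the server now offers. The function names, the branch name main and the throwaway repositories are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: classify how a remote branch moved since this clone last fetched.
# Prints unchanged | advanced <n> | rewritten; exit status 1 only for a rewrite.
check_remote_head() {
    repo=$1 remote=${2:-origin} branch=${3:-main}
    ref="refs/remotes/$remote/$branch"
    old=$(git -C "$repo" rev-parse --verify -q "$ref") || { echo "no-baseline"; return 2; }
    git -C "$repo" fetch -q "$remote" || { echo "fetch-failed"; return 2; }
    new=$(git -C "$repo" rev-parse --verify -q "$ref")
    if [ "$old" = "$new" ]; then
        echo "unchanged"
    elif git -C "$repo" merge-base --is-ancestor "$old" "$new"; then
        # Fast-forward: old history intact, but the new commits still need review.
        echo "advanced $(git -C "$repo" rev-list --count "$old..$new")"
    else
        # The tip we last saw is no longer in the branch: history was rewritten.
        echo "rewritten"; return 1
    fi
}

# git with a throwaway identity, used only by the constructed demo below.
g() { git -c user.name=demo -c user.email=demo@example.invalid -c commit.gpgsign=false "$@"; }

# Constructed scenario: bare "server" repo, a developer clone and an admin clone.
demo() {
    d=$(mktemp -d)
    g init -q --bare "$d/server.git"
    g clone -q "$d/server.git" "$d/dev" 2>/dev/null
    g -C "$d/dev" symbolic-ref HEAD refs/heads/main
    g -C "$d/dev" commit -q --allow-empty -m "initial"
    g -C "$d/dev" push -q origin main
    g clone -q -b main "$d/server.git" "$d/admin"
    r1=$(check_remote_head "$d/dev")
    g -C "$d/admin" commit -q --allow-empty -m "ordinary commit"
    g -C "$d/admin" push -q origin main
    r2=$(check_remote_head "$d/dev")
    g -C "$d/admin" commit -q --amend --allow-empty -m "altered commit"
    g -C "$d/admin" push -q -f origin main
    r3=$(check_remote_head "$d/dev") || true
    rm -rf "$d"
    echo "$r1|$r2|$r3"
}

demo
```

A fast-forward ("advanced") only shows that earlier history is intact; the new commits themselves still have to be read.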
