FYI [Fwd: (unofficial) Debian project list status]

Hanasaki JiJi hanasaki at hanaden.com
Thu Nov 27 04:32:48 CST 2003 

-------- Original Message --------
Subject: (unofficial) Debian project list status
Resent-Date: Tue, 25 Nov 2003 04:49:40 -0600 (CST)
Resent-From: debian-user at lists.debian.org
From: Karsten M. Self <kmself at ix.netcom.com>
To: debian-user <debian-user at lists.debian.org>

I've been lurking on the #debian-devel IRC channel, some info on lists.
This is an unofficial informational posting.

If you weren't already aware, several Debian project servers were
compromised by what appears to have been a password capture through one
of the Debian Developers.  This includes murphy, the listserver.  Debian
archives do _not_ appear to have been compromised.  More details will be
forthcoming through official sources.

- Lists are processing again.

- There's an adminstrative hold on messages posted between when the
lists went down and were brought up again.  Depending on your
timezone -- late Thursday the 20th through late Monday the 24th.  If
you desperately need to see your message(s) posted, you might
resubmit.  Expect some out-of-order delivery for a while.

- There was a postfix upgrade which may be related to the above.

- Things may be a little shakey for a few days yet, so be patient.
Systems are being rebuilt from scratch, developers are resetting
passwords and ssh access, and a lot of people are checking personal
and project systems.

Pascal Hakim (listmaster for the Debian project) may have more to say
but is holding off until he can speak more authoritatively (I've clearly
got no such scruples).

Overall the response and speed of disclosure by the Debian project team
is commendable.  For updates:

Back online, with informational links.
http://www.debian.org/

Out-of-band information on the exploit, affected systems,
cleanup/detection procedures,
http://www.wiggy.net/debian/

Major informational sites:
http://slashdot.org/
http://lwn.net/
http://www.sourceforge.net/

IRC:  *READ THE TOPIC BEFORE ASKING QUESTIONS!  </please>
irc://irc.debian.org/#debian
irc://irc.freenode.net/#debian

You might want to check that you're subscribed to debian-announce and/or
debian-security-announce.  Some notifications were posted to these lists
before murphy went down, not all subscribers saw these apparently.

Again, this is unofficial, though I've had some dd's look over the
bullet points above.  Thought it would be useful to subscribers.

Peace.

--
Karsten M. Self <kmself at ix.netcom.com>        http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
GNU/Linux web browsing mini review:  Galeon.  Kicks ass.
http://galeon.sourceforge.org/

--
= Management is doing things right; leadership is doing the     =
=       right things.    - Peter Drucker                        =
=_______________________________________________________________=
=     http://www.sun.com/service/sunps/jdc/javacenter.pdf       =
=  www.sun.com | www.javasoft.com | http://www.sun.com/sunone   =

More information about the Kclug mailing list