I've been lurking on the #debian-devel IRC channel, some info on lists. This is an unofficial informational posting.
If you weren't already aware, several Debian project servers were compromised by what appears to have been a password capture through one of the Debian Developers. This includes murphy, the listserver. Debian archives do _not_ appear to have been compromised. More details will be forthcoming through official sources.

  - Lists are processing again.

  - There's an administrative hold on messages posted between when the lists went down and were brought up again. Depending on your timezone -- late Thursday the 20th through late Monday the 24th. If you desperately need to see your message(s) posted, you might resubmit. Expect some out-of-order delivery for a while.

  - There was a postfix upgrade which may be related to the above.

  - Things may be a little shaky for a few days yet, so be patient. Systems are being rebuilt from scratch, developers are resetting passwords and ssh access, and a lot of people are checking personal and project systems.

Pascal Hakim (listmaster for the Debian project) may have more to say but is holding off until he can speak more authoritatively (I've clearly got no such scruples).

Overall the response and speed of disclosure by the Debian project team is commendable.

For updates:

Back online, with informational links.
    http://www.debian.org/

Out-of-band information on the exploit, affected systems, cleanup/detection procedures,
    http://www.wiggy.net/debian/

Major informational sites:
    http://slashdot.org/
    http://lwn.net/
    http://www.sourceforge.net/

IRC: *READ THE TOPIC BEFORE ASKING QUESTIONS! </please>
    irc://irc.debian.org/#debian
    irc://irc.freenode.net/#debian

You might want to check that you're subscribed to debian-announce and/or debian-security-announce. Some notifications were posted to these lists before murphy went down, not all subscribers saw these apparently.

Again, this is unofficial, though I've had some dd's look over the bullet points above. Thought it would be useful to subscribers.

Peace.

--
Karsten M. Self <[EMAIL PROTECTED]>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   GNU/Linux web browsing mini review: Galeon. Kicks ass.
     http://galeon.sourceforge.org/