George Sakkis wrote:
> [EMAIL PROTECTED] wrote:
> > Robert Hicks wrote:
> > > [EMAIL PROTECTED] wrote:
> > > > T. Bryan wrote:
> > > > > starship.python.net was compromised. It looked like a rootkit may have been
> > > > > installed. The volunteer admins are in the process of reinstalling the OS
> > > > > and rebuilding the system. That process will probably take a few days at
> > > > > least.
> > > >
> > > > Does anyone know more?
> > > >
> > > > What about the integrity of the python packages hosted there?
> > > > When was the site compromised?
> > > > I just installed the python 2.5 pywin module last week.
> > > > Should I be concerned?
> > > >
> > > > Is this related to the Python security problem recently announced?
> > >
> > > Did you even read about the vulnerability?
> >
> > Yes. Do you have any answers, or do you just enjoy posting irrelevant
> > responses?
>
> I guess his response implied that what's irrelevant here is the
> vulnerability, and accordingly your worries about it.

Then perhaps he should have said that, in which case I would have explained why he did not understand what he read. Let me try again...

1. A site which hosts (I think, hence the questions) a number of high profile, popular python projects was compromised.
2. It was compromised with a root kit which, by their nature, often go undetected for a long time.
3. It is common for miscreants to attempt to introduce backdoors into software that will be widely distributed.
4. Anyone downloading and installing such trojaned software will also be compromised.
5. Verifying that such a thing has not happened can be very difficult, particularly if the date and other details of the compromise cannot be accurately determined.
6. Many organisations give image and PR a higher priority than the safety of their customers/users and wave off security breaches with "don't worry, everything is fine. We're sure nothing has been touched" when in fact they have no idea.
7. I have seen no public statements or information about this, leading me to wonder about the situation and how it's being handled, hence my seeking of further information.

That's what I am concerned about, ok? I don't really care how the site was compromised and my question about the python security vulnerability was curiosity. But, I am still completely at a loss why you, he, or anyone, based on the information presented so far, would conclude that the python security problem is unrelated. Care to enlighten me?

But more importantly, how about addressing my original questions which are, even if you do not think so, pretty important for anyone who has recently downloaded software from or built there.