On Wed, 2003-12-03 at 21:57, Logan Ingalls wrote:
Not that we're as large of a target for hackers, but one of Gentoo's central rsync servers was hacked yesterday:
http://lwn.net/Articles/61229/
I figured this might make a good time to ask: "How secure are cvsup.fukt.bth.se and crux.fh-regensburg.de?"
Logan
Maybe I'm the only one that missed this one, anyway it seems that also savannah.gnu.org has been compromised: http://savannah.gnu.org/statement.html Sad news. Back on topic, I said before that I'm not a security expert; if my machine get compromised, an attacker could gain access to crux.f-regensburg.de, or at least to the port tree. I think the same goes for other maintainers too. Quite scary, uh? Maybe we can find a solution to check for maliciuos cvs commits et similia. As Martin says in this thread, the only thing to "defend" is the cvs tree; any idea? Simone