Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

FYI... Server breach likely to delay Gnome
 View unanswered posts
View posts from last 24 hours
View posts from last 7 days

 
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
wallace1819
Apprentice
Apprentice


Joined: 17 Aug 2002
Posts: 195
Location: VT
PostPosted: Thu Mar 25, 2004 2:05 pm    Post subject: FYI... Server breach likely to delay Gnome Reply with quote
http://news.com.com/2100-7349_3-5178168.html

By Robert Lemos
Staff Writer, CNET News.com
March 23, 2004

The Gnome Project said Tuesday that its servers have apparently been
breached, potentially delaying the latest release of its desktop
system for Linux.

In a e-mail alert sent Tuesday, the managers of the project told
developers that they had found evidence indicating that the server
hosting Gnome.org had been breached. Gnome and its rival KDE provide
the two major desktop systems used on computers running the Linux
operating system.

"We are investigating further and will provide updates as we know
more," Owen Taylor, a member of the Gnome system administration team
and a software engineer for Red Hat's desktop group, stated in a
two-paragraph advisory on the Gnome Announcements mailing list. "We
hope to have the essential services hosted on the affected machine up
and running again as soon as possible."

The short message also stated that the administrators believed the
source code repository, which contains the current development work on
Gnome software, was unaffected by the breach.

A member of the Gnome development team said that the next version of
the software, Gnome 2.6, will likely be delayed a few days while the
project members investigate the breach. The software was scheduled to
be released on Wednesday.

"We don't expect any significant effect on Gnome development," the
team member said on condition of anonymity. "Because it happened right
before the 2.6 release, we'll probably have to push (the release) back
a few days but that should be all."

The apparent trespass is the latest blow for the security of
open-source development projects.

In November, the servers for two Linux projects--Debian and
Gentoo--were compromised. Earlier the same month, an attacker managed
to gain access to a server that mirrored the latest version of the
code for the Linux kernel. And in March and December separate attacks
on servers hosting software under development by the GNU Project, the
source of much of the free software used by Linux, successfully
breached those systems.

Members of the Gnome Project noticed some "suspicious processes
running on the Gnome.org" server, said the developer. An investigation
revealed several files in a temporary directory that led the team to
believe that someone was able to run commands and to search for
vulnerabilities.

"As far as we know at this point no damage was done other than the
loss of services while we clean up and get things back in place," said
the team member. "We're, of course, investigating thoroughly to make
sure that we know the full extent of the break-in and will provide a
full update to the community when we finish that."
Back to top
View user's profile Send private message
dreas
Guru
Guru


Joined: 06 Aug 2003
Posts: 359
Location: Germany
PostPosted: Thu Mar 25, 2004 3:23 pm    Post subject: Reply with quote
The new release date is already set: March 31st, 2004

Quote:
Hi everyone,

As a result of the recent web server intrusion, the release team has chosen
to delay the announcement of GNOME 2.6 until March 31st.

While we have determined that none of our released sources were affected, we
are showing due caution by giving the sysadmin team plenty of time to finish
their investigation and restore critical services. Apologies for the delay,
especially for all our friends around the world who have organised GNOME 2.6
release parties!

For further updates, please subscribe to gnome-announce-list, or watch this
thread in the archives:

http://mail.gnome.org/archives/gnome-announce-list/2004-March/thread.html#00113

Many thanks to the (now somewhat underslept) sysadmin team and helpers for
their swift and thorough response. Please raise a toast to them at your 2.6
release party of choice. :-)

Thanks,

- Jeff
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy