Slashdot Mirror


Debian Project Servers Compromised

Sean was one of many to pass along the bad news from the debian-announce mailing list: "Some Debian Project machines have been compromised. This is a very unfortunate incident to report about. Some Debian servers were found to have been compromised in the last 24 hours. The archive is not affected by this compromise! In particular the following machines have been affected: 'master' (Bug Tracking System), 'murphy' (mailing lists), 'gluck' (web, cvs), 'klecker' (security, non-us, web search, www-master). Some of these services are currently not available as the machines undergo close inspection. Some services have been moved to other machines (www.debian.org for example). The security archive will be verified from trusted sources before it will become available again." They were going to announce 3.0r2 this morning; they've checked it and it's unaffected but obviously they're still postponing that release.

3 of 666 comments

  1. Why Gentoo is Better by BigJimSlade · Score: 0, Flamebait

    Obviously this ends the debate as to why Gentoo is obviously better than Debian. The compromised packages probably wouldn't even be finished compiling by the time the compromise was discovered.

    (I run Gentoo on my laptop... don't flame me either way)

  2. Re:Would Microsoft announce that it was compromise by ScottKin · Score: 0, Flamebait

    If this was some kind of attempt at a scale-of-economics exercise, it failed miserably.

    Microsoft spends HUNDREDS OF MILLIONS OF DOLLARS on Software Development. They have an economic drive to produce superior code. The Open Source "Community" does not. Who has a bigger liability? Who stands to lose BILLIONS of dollars?

    If you're a programmer/developer at Microsoft and write crappy code or act as a "saboteur", you're fired - and in the case of the "saboteur" angle, you're arrested and charged with Felony Larceny.

    In the "Open Source" community, if you write crappy code you're laughed at, and asked not to contribute code. BIG DEAL. If you're a "saboteur" in the Open Source "commune" (yes, I said "commune") you can't be arrested and charged with anything because by its own definition the "Open Source" projects have no intrinsic value.

    There is no economic impetus within the "Open Source" community, so any perceived "worth of work" is imaginary at best and hallucinatory at worst (and it looks like RMS has had at least 5 times his fair share of Hallucinations).

    Your comments about "changes to the code" are hilarious - how did the backdoors get into OpenSSH; did they get there on their own?

    The world should be vastly more sceptical of a software product that was produced virtually in an ad-hoc manner, and where any yutz who wanted to pass themselves off as a "c0d3r" could contribute code to such an important project than one where Interviews, background checks (including Law Enforcement) and security checks can identify potential troublemakers.

    Apparently, no one ever remembers code compromises like those of the OpenSSH backdoor.

    This post is proof-positive that the Open Source community is run by hapless idiots who have NO concept of the world outside of their parents' basement and are either mentally stuck in writing code like they did in College ("d00d - can I borrow that piece of code??") or pine away for those College days.

    This is why all Open Software projects are doomed.

    ScottKin

    --
    I don't give a rat's behind about "karma" here or anywhere else. Don't like what I have to say here? Deal with it!

  3. This didn't happen by t0ny · Score: 0, Flamebait

    This didn't really happen, because Linux is so secure it puts Windows to shame!

    --

    Manipulate the moderator system! Mod someone as "overrated" today.