Debian Project Servers Compromised

Sean was one of many to pass along the bad news from the debian-announce mailing list: "Some Debian Project machines have been compromised. This is a very unfortunate incident to report about. Some Debian servers were found to have been compromised in the last 24 hours. The archive is not affected by this compromise! In particular the following machines have been affected: 'master' (Bug Tracking System), 'murphy' (mailing lists), 'gluck' (web, cvs), 'klecker' (security, non-us, web search, www-master). Some of these services are currently not available as the machines undergo close inspection. Some services have been moved to other machines (www.debian.org for example). The security archive will be verified from trusted sources before it will become available again." They were going to announce 3.0r2 this morning; they've checked it and it's unaffected but obviously they're still postponing that release.

...not the archive.

[DShard]

What's the point of doing this if you don't effect the distribution. Seems pretty insipid to me.

Re:...not the archive.

[JPelorat]

The same point as any other type of wanton destruction is committed - for the sake of it.

Bad days for Debian

[Espectr0]

They name themselves as the developers of the most secure linux version out there, and they get compromised just before the 3.0r2 release. That's got to hurt their credibility.