Slashdot Mirror

← Back to Stories (view on slashdot.org)

Savannah Back Online With Extra Security

Posted by michael on from the beefed-up dept.

depesz writes "As we can read here, savannah is back online. After several weeks of downtime, all security problems are resolved, and the service is again operational."

13 of 172 comments (clear)

  1. Congratulations by xyzzy · · Score: 4, Insightful

    On yet another slashdot posting with absolutely zero informative content (except possibly to people who already knew what the article meant).

  2. Savanah is back online again by rxed · · Score: 5, Funny

    not anymore. is been slashdoted. :-)

    1. Re:Savanah is back online again by xie · · Score: 5, Informative

      Actually they are back "online" but reading here it seems most things won't be functional till "early January 2004".

  3. Questions by Scrameustache · · Score: 4, Insightful

    What is Savahna?
    Why was it not online?
    Why should I care?
    Where's the rocketpacks? We were promised rocketpacks...

    --

    You can't take the sky from me...

    1. Re:Questions by Anonymous Coward · · Score: 5, Informative
      What is Savannah?

      Savannah is a sort of "home base" for GNU Project developers. They can set up web sites for their projects, CVS repositories, mailing lists, post want-ads for developers, etc.

      Why was it not online?

      Early this month / late last month the system was compromised in some way. I'm not sure if anything was actually damaged or not, but it's best to try to keep things as secure as possible. Hence it was taken offline, reinstalled, and new security procedures have been (and are being) developed.

      Why should I care?

      If you're not a GNU developer, it has little immediate impact on you. It's one of those "just sharing" stories. :-)

      Where's the rocketpacks?

      I don't know, but I know that I don't have them.

    2. Re:Questions by erlenic · · Score: 5, Funny
      What is Savannah?
      Why was Savannah not online?

      From the looks of it, Google had no idea that the city of Savannah, GA in the US was offline. Come to think of it, neither did I. Well, I'm happy for everyone that lives there. I can't imagine living through several weeks of my city being offline.

  4. Obligatory Stallman Lingo by toupsie · · Score: 5, Funny

    Savannah wasn't hacked, it was GNU/0wn3d.

    --
    Strange women lying in ponds distributing swords is no basis for a system of government.
  5. Xen for better speration then chroot? by redhat421 · · Score: 4, Interesting
    When I looks a intrusions like this, I wonder if using something like Xen is a perfect fit for protecting projects from each other

    or perhaps as a backup known good environment.

  6. Answers by Anonymous Coward · · Score: 5, Informative

    Savannah is GNU's answer to SourceForge. Some GNU people don't like some of SF's terms for usage, so they run their own sf-style site.

    It was offline because it was compromised, presumably by the brk() hole recently discovered in Linux 2.4.x. (Fixed in the latest version.)

    You should care because now the authors of your favorite GNU software can be more productive. It also has serious implications to Linux 2.4 security.

    I don't know anything about rocket packs.

  7. What took them so long? by keesh · · Score: 4, Informative

    It took them weeks to realise that they'd been owned and months to fix anything. I think they need a few lessons from the Gentoo people...

  8. Re:Security ? by damiam · · Score: 5, Informative

    It's quite likely that that's a vendor version (from Debian stable?) that has had all relevant bugfixes and patches backported by the vendor. I really doubt they'd use the vanilla 1.3.26.

    --
    It's hard to be religious when certain people are never incinerated by bolts of lightning.
  9. Whoops - wrong Savannah by Anomalous+Cowturd · · Score: 4, Funny


    As we can read here, savannah is back online. After several weeks of downtime, all security problems are resolved, and the service is again operational.
    So, was I the only person who read the headline, *and* the blurb, and immediately thought of something completely different?

    --

    Java: the bastard demon spawn of C++ and Ada

  10. Re:Debian still down by Ben+Hutchings · · Score: 4, Interesting

    Debian has gradually been bringing services back online as the relevant files are verified and new passwords and keys generated. They are also tightening security in some ways, e.g. dropping pserver access to CVS servers. Alioth and www.debian.org are the latest services to be restored.