Slashdot Mirror


Gnome.org Compromised?

Garden GNOME writes "The GNOME sysadmin team has just announced that the main GNOME web server has probably been intruded into, leading to the shutdown of the GNOME website (including bugzilla.gnome.org, art.gnome.org and developer.gnome.org). The GNOME mailing lists and CVS servers seem to be up, though the FTP server was immediately taken down as a precautionary measure (released sources are believed to be intact). This is bad, because GNOME 2.6 was supposed to be released tomorrow. Let's hope it is a false alarm."

1 of 512 comments

  1. safe system for submitting code by Graphyx · Score: 5, Interesting

    Here is what the developers should do.
    Each time they submit a file that they have made changes to in the CVS archive, then also HMAC it and sign it with their private key. Then later on if the system was compromised you could go back and compute the HMAC of the file to make sure it matches that which the programmer submitted it to be.

    And then even if the system was compromised you wouldn't have to question which ones were changed or not since it can be checked just by confirming the HMACs.

    The best designs for security have perfect forward security. And a signed HMAC would prove the validity of the file unless the signing key was compromised.
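
The per-file signing this comment describes, as an added example (not part of the original comment or of any GNOME tooling): each file's path and SHA-256 digest are signed off-server at commit time, and a later audit lists exactly which server copies no longer match. It assumes an Ed25519 signature over a plain digest in place of the HMAC the comment mentions; the function names and the file tree are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"sort"
)

// record binds a path to the SHA-256 of its content; this is what gets signed.
func record(path string, data []byte) []byte {
	return []byte(fmt.Sprintf("%s\x00%x", path, sha256.Sum256(data)))
}

// signTree runs on the developer's machine at commit time: path -> signature.
func signTree(priv ed25519.PrivateKey, files map[string][]byte) map[string][]byte {
	sigs := map[string][]byte{}
	for p, d := range files {
		sigs[p] = ed25519.Sign(priv, record(p, d))
	}
	return sigs
}

// audit returns sorted paths that are changed, unsigned, or signed but missing.
func audit(pub ed25519.PublicKey, sigs, server map[string][]byte) []string {
	var bad []string
	for p, d := range server {
		if !ed25519.Verify(pub, record(p, d), sigs[p]) {
			bad = append(bad, p)
		}
	}
	for p := range sigs {
		if _, ok := server[p]; !ok {
			bad = append(bad, p)
		}
	}
	sort.Strings(bad)
	return bad
}

// demo: constructed tree; after signing, main.c is altered and extra.c added.
func demo() []string {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	tree := map[string][]byte{"README": []byte("GNOME\n"), "main.c": []byte("return 0;\n")}
	sigs := signTree(priv, tree)
	tree["main.c"], tree["extra.c"] = []byte("return 1;\n"), []byte("x\n")
	return audit(pub, sigs, tree)
}

func main() { fmt.Println(demo()) }
```

A signature per file does not by itself reveal a file swapped for an older signed revision; including a revision identifier in `record` would cover that case.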