LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Gentoo rsync server compromised

Gentoo rsync server compromised

Posted Dec 3, 2003 22:04 UTC (Wed) by ordonnateur (guest, #6652)
Parent article: Gentoo rsync server compromised

I doubt a conspiracy, two distributions compromised is not that statistically improbable.
Both no doubt had large numbers of developer accounts, highly probable that some will be
careless about the security of thier own passwords etc.
On the other hand there has been a worry about Gentoo's security for some time; not , that
is, Gentoo itself, but the method of validating the updating of the portage/ebuild system. As
a user of gentoo for servers I would welcome a focus on this basic issue rather than what
seems at times to be an unmanageble sprawl of sub-projects and undocumented
enhancements.

(Log in to post comments)

Gentoo rsync server compromised

Posted Dec 3, 2003 22:51 UTC (Wed) by piman (subscriber, #8957) [Link]

Ignoring issues of Gentoo's developer acceptance process, I do think there is cause to worry. This isn't just Debian and Gentoo -- in a short period of time, it has been GNU, Linux, Debian, Gentoo, and now GNU again. I would strongly encourage Fedora, Mandrake, OSI, etc, to watch their servers very closely.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds