The Savannah Compromise - what really happened?
Posted Jan 1, 2004 19:55 UTC (Thu) by rao
Parent article: The Savannah Compromise - what really happened?
The Savannah codebase and infrastructure was audited after the compromise to find potential security holes that the cracker could have used. CVS 1.12.5 and 1.11.11 were released on 2003-12-18 as a direct result of that work. Futher details on CVS will be released in the coming days. Services are being brought back up on Savannah as they are secured. For instance, under the new Savannah setup, each software project's CVS repository resides in its own chroot, and other essential system services also reside in their own chroots. The FSF and Savannah volunteers have taken this compromise very seriously, and we've taken steps to limit the damage from any future compromises.
Free Software Foundation
to post comments)