Re: network security..



On Thu, 2011-10-13 at 14:22 -0700, Sriram Ramkrishna wrote:
> So with the recent hacking into kernel.org, and Linux foundation
> websites,  and just recently I learned that winehq's application
> database also being compromised, I'm wondering if we should be
> looking to making sure we are safe?  I have the impression that FOSS
> sites are new targets for black hat hackers.  I would hate to see
> ourselves compromised like the kernel folks.  I know kernel hackers
> have taken this very seriously.  I wish I had brought it up before
> Montreal Summit, but alas.
> 
> If there is nothing to do here, then that's great.  I just want to
> bring the question up.

The two most immediate things that come to mind, that would be good:

 Finish sealing master.gnome.org so you don't need to log in
 Disable all git accounts that haven't been active in the last 24 months

I don't think that asking our users to change their SSH keys has much
value, and we generally don't have passwords that a user would be
able to share with another site. 

(live.gnome.org and bugzilla.gnome.org do, but they are relatively
uninteresting for someone gaining unauthorized access.)

- Owen



