On Wed, 2010-11-24 at 11:25 +0100, Maarten Maathuis wrote:
If Adam indeed did this, and did not undo it afterwards, then he is
having at least some (mental) issues. He did the right thing by
disabling his admin account, because he obviously has some things to
sort out. While the action itself
Matthew Garrett wrote:
The lack of documentation for various aspects of the server doesn't help
either. I found X development far more intimidating than getting
involved in the kernel.
That is something we know we've been lacking for a long time, and have been
working to correct. So far
On Wed, Nov 24, 2010 at 02:56:32PM -0700, Matt Dew wrote:
This I'm curious about. Are there more companies that feel it's
too-hard/not-worth-while for companies to contribute stuff to Xorg?
I know the linux kernel has this issue, but is X's contribution
difficulty larger?
I think X faces
but simply being more enthusiastic about accepting contributions doesn't
seem like a great plan (compare the code quality of nouveau, intel and
radeon to that of some of the out of tree drivers, for instance)
I think that is a little naïve. There is a difference between vendors
attempting to
On Thu, Nov 25, 2010 at 09:23:38PM +, Alan Cox wrote:
but simply being more enthusiastic about accepting contributions doesn't
seem like a great plan (compare the code quality of nouveau, intel and
radeon to that of some of the out of tree drivers, for instance)
I think that is a
Luc Verhaegen l...@skynet.be writes:
On Wed, Nov 24, 2010 at 04:36:17PM +1000, Dave Airlie wrote:
On Wed, Nov 24, 2010 at 4:31 PM, Luc Verhaegen l...@skynet.be wrote:
See, this was exactly the problem here. It _was_ a freedesktop admin.
And it was pretty clear that it was that from the
On Wed, Nov 24, 2010 at 4:48 PM, Luc Verhaegen l...@skynet.be wrote:
On Wed, Nov 24, 2010 at 04:36:17PM +1000, Dave Airlie wrote:
On Wed, Nov 24, 2010 at 4:31 PM, Luc Verhaegen l...@skynet.be wrote:
See, this was exactly the problem here. It _was_ a freedesktop admin.
And it was pretty
On Wed, Nov 24, 2010 at 06:01:19PM +1000, Dave Airlie wrote:
On Wed, Nov 24, 2010 at 4:48 PM, Luc Verhaegen l...@skynet.be wrote:
On Wed, Nov 24, 2010 at 04:36:17PM +1000, Dave Airlie wrote:
On Wed, Nov 24, 2010 at 4:31 PM, Luc Verhaegen l...@skynet.be wrote:
See, this was exactly the
Hi,
Dave, thanks for the Cc. I've Cc-ed this to freedesktop@, since it's
really a bit more of a project-wide discussion than just xorg, but feel
free to keep both in Cc.
]] Frans de Boer
| Also, if it turns out to be a validated claim Adam made, accept it as
| is and continue. Hopefully Adam
On 24/11/10 18:00 , Eirik Byrkjeflot Anonsen wrote:
1. What systems do we have in place that enables us to detect when a
trusted admin acts in bad judgement or with evil intent? What
is the probability that such actions will be noticed? Can we do
anything to increase this
As far as I can see, all you've managed to do is to create a lot of
noise about what is, in itself, a fairly minor incident. Yes, it is
serious that a trusted admin abuses his powers. However, that happens
and will continue to happen. Humans are like that. We often show a
remarkable lack
On Wed, Nov 24, 2010 at 06:33:19PM +1000, Peter Hutterer wrote:
On 24/11/10 18:00 , Eirik Byrkjeflot Anonsen wrote:
1. What systems do we have in place that enables us to detect when a
trusted admin acts in bad judgement or with evil intent? What
is the probability that such actions
Luc,
I completely agree with you.
___
xorg@lists.freedesktop.org: X.Org support
Archives: http://lists.freedesktop.org/archives/xorg
Info: http://lists.freedesktop.org/mailman/listinfo/xorg
Your subscription address: arch...@mail-archive.com
On Wed, Nov 24, 2010 at 11:03 AM, Tim Beaulen tbsc...@gmail.com wrote:
Luc,
I completely agree with you.
___
xorg@lists.freedesktop.org: X.Org support
Archives: http://lists.freedesktop.org/archives/xorg
Info:
On 24/11/10 19:38 , Luc Verhaegen wrote:
On Wed, Nov 24, 2010 at 06:33:19PM +1000, Peter Hutterer wrote:
On 24/11/10 18:00 , Eirik Byrkjeflot Anonsen wrote:
1. What systems do we have in place that enables us to detect when a
trusted admin acts in bad judgement or with evil intent? What
See, this was exactly the problem here. It _was_ a freedesktop admin.
And it was pretty clear that it was that from the onset too. Mailing
fd.o admins, even if i could've dug up an email address in the split
second that i wrote the email (heck, i even mistyped repository), was
not the
Hi,
I've been mostly offline whilst moving, so have only read this through
web archives. As mentioned on IRC earlier, it was my account used.
My apologies: as ajax said, it's indefensible, and am not really sure
what else to say. I've suspended my root accounts as well.
That being said:
On
On Wed, Nov 24, 2010 at 11:18:20AM +, Alan Cox wrote:
He ensured the problem was noticed, and that it got out to people who
depend upon the repository being secure and properly managed. In this
case that turns out to have ensured the offender admitted to something
silly but if it had
On Wed, Nov 24, 2010 at 08:27:12PM +1000, Peter Hutterer wrote:
On 24/11/10 19:38 , Luc Verhaegen wrote:
Conspiracy theories?
I did not imply that you were the one starting with the conspiracy
theories, and I think strictly speaking there was no name-calling in
that thread either so I
Eirik Byrkjeflot Anonsen wrote:
2. What systems do we have in place that enables us to detect evil
commits once they actually make their way into the repository? What
is the probability that they will be noticed? Can we do anything to
increase this probability?
Distributed version
On Wed, Nov 24, 2010 at 6:58 AM, Luc Verhaegen l...@skynet.be wrote:
On Wed, Nov 24, 2010 at 08:27:12PM +1000, Peter Hutterer wrote:
On 24/11/10 19:38 , Luc Verhaegen wrote:
Conspiracy theories?
I did not imply that you were the one starting with the conspiracy
theories, and I think
On Wed, Nov 24, 2010 at 11:08:18AM -0500, Matt Turner wrote:
From the Phoronix forums, you say
Yeah, this was most definitely not a simple prank, as some people like to
claim.
What are you suggesting it was?
Do you really find this a simple prank? Or do you find this a flagrant
abuse
On Wed, Nov 24, 2010 at 5:12 PM, Luc Verhaegen l...@skynet.be wrote:
On Wed, Nov 24, 2010 at 11:08:18AM -0500, Matt Turner wrote:
From the Phoronix forums, you say
Yeah, this was most definitely not a simple prank, as some people like to
claim.
What are you suggesting it was?
Do you
drago01 wrote:
You pointed out the issue, we found out who did it, they apologized
for doing so and revoked their root access.
So what other actions do you want to be taken now?
If I may step in I suggest investing some time and developing some sort
of (formal) security concept. It's not
On Nov 23, 10 22:56:52 +, Alan Cox wrote:
It's on a separate branch, not master. (Doesn't mean it's right, just
that it's not actually going to cripple anything or waste time for anyone
who doesn't ask for it.)
And how many other un-noticed commits did this person make ? Until you
So, wearing my X11R7.6 Release Manager hat, I am willing to accept
that the git repositories are not known to be compromised by an
outside actor, and that we can go forward with development releases
as normal.
I had been quietly holding off on doing any more releases until the
issue was
But you also might want to consider that i was at a hardware vendor two
weeks ago, and i had to listen to their main engineer calling
contributing directly to X a waste of time, and that they rather fix
the versions their customers ship, and hand the patches to their
customers directly, never
Matt,
I think what you are asking is: is the Microsoft FUD working?
The answer is: yes.
Should we roll over and play dead? No, not me.
Freedom, as in free range,
Pat
---
On Wed, Nov 24, 2010 at 3:56 PM, Matt Dew m...@osource.org wrote:
This I'm curious about. Are there more companies
Radeonhd repo:
http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot
author SPIGOT r...@jerkcity.com 2010-11-02 04:21:14 (GMT)
committer SPIGOT r...@jerkcity.com 2010-11-02 04:21:14 (GMT)
commit 231683e2f111bb064125f64f2da797d744cde7fa (patch)
...
PERHAPS
On Tue, Nov 23, 2010 at 01:32:30PM +0100, Luc Verhaegen wrote:
Radeonhd repo:
http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot
authorSPIGOT r...@jerkcity.com 2010-11-02 04:21:14 (GMT)
committer SPIGOT r...@jerkcity.com 2010-11-02 04:21:14
On Tue, Nov 23, 2010 at 01:47:19PM +0100, Luc Verhaegen wrote:
On Tue, Nov 23, 2010 at 01:32:30PM +0100, Luc Verhaegen wrote:
Radeonhd repo:
http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot
author SPIGOT r...@jerkcity.com 2010-11-02 04:21:14 (GMT)
On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote:
It is clear that this is not a normal security breach, as this
commit is
fully in line with the naming scheme used by fd.o. Plus, given the
history of radeonhd, combined with who i think have root access,
makes
it seem quite
On Tue, Nov 23, 2010 at 10:25:33AM -0500, Gaetan Nadon wrote:
On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote:
It is clear that this is not a normal security breach, as this
commit is
fully in line with the naming scheme used by fd.o. Plus, given the
history of radeonhd,
On Tue, Nov 23, 2010 at 4:27 PM, Luc Verhaegen l...@skynet.be wrote:
On Tue, Nov 23, 2010 at 10:25:33AM -0500, Gaetan Nadon wrote:
On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote:
It is clear that this is not a normal security breach, as this
commit is
fully in line with the
Gaetan Nadon wrote:
On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote:
It is clear that this is not a normal security breach, as this
commit is
fully in line with the naming scheme used by fd.o. Plus, given the
history of radeonhd, combined with who i think have root access, makes
On Tue, Nov 23, 2010 at 08:32:10AM -0800, Alan Coopersmith wrote:
Gaetan Nadon wrote:
On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote:
It is clear that this is not a normal security breach, as this
commit is
fully in line with the naming scheme used by fd.o. Plus, given the
On Tue, Nov 23, 2010 at 08:32:10AM -0800, Alan Coopersmith wrote:
Gaetan Nadon wrote:
On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote:
It is clear that this is not a normal security breach, as this
commit is
fully in line with the naming scheme used by fd.o. Plus, given the
LV == Luc Verhaegen l...@skynet.be writes:
LV So, who has root access to annarchy or any other of the servers, and who
LV thought this would be funny, and who deserves to lose his access right
LV here, right now?
s/annarchy/kemper/, yes? Annarchy is supposed to have a read-only nfs
mount of
It's on a separate branch, not master. (Doesn't mean it's right, just
that it's not actually going to cripple anything or waste time for anyone
who doesn't ask for it.)
And how many other un-noticed commits did this person make ? Until you
know that you have to assume a complete compromise.
On 11/23/2010 11:56 PM, Alan Cox wrote:
It's on a separate branch, not master. (Doesn't mean it's right, just
that it's not actually going to cripple anything or waste time for anyone
who doesn't ask for it.)
And how many other un-noticed commits did this person make ? Until you
know
On Tue, Nov 23, 2010 at 10:56:52PM +, Alan Cox wrote:
It's on a separate branch, not master. (Doesn't mean it's right, just
that it's not actually going to cripple anything or waste time for anyone
who doesn't ask for it.)
And how many other un-noticed commits did this person make ?
Luc Verhaegen wrote:
Still, would you really want to trust your code to freedesktop.org after
this, knowing that there's someone with root access pulling stunts like
this?
Feel free to keep your code somewhere else - oh wait, you already do.
--
-Alan Coopersmith-
Alan Cox wrote:
It's on a separate branch, not master. (Doesn't mean it's right, just
that it's not actually going to cripple anything or waste time for anyone
who doesn't ask for it.)
And how many other un-noticed commits did this person make ? Until you
know that you have to assume a
Frans de Boer wrote:
Just like to inquire whether the observed behavior was a real security
breach - someone introducing (maybe over time) a backdoor or the like -
or just sloppy behavior. In other words, can we still trust the xorg
repositories or are they compromised in some way?
People
What would you suggest should be done next? Checking logs for traces
of this? Those which could reveal this information might be gone already.
Looking for anything which is in the tree but not in or not matching the
mail archive. Sounds like a job for a perl nutter 8)
And chasing down who did
Frans de Boer wrote:
On 11/24/2010 12:40 AM, Alan Coopersmith wrote:
Frans de Boer wrote:
Just like to inquire whether the observed behavior was a real security
breach - someone introducing (maybe over time) a backdoor or the like -
or just sloppy behavior. In other words, can we still
On 11/24/2010 01:04 AM, Alan Coopersmith wrote:
Frans de Boer wrote:
On 11/24/2010 12:40 AM, Alan Coopersmith wrote:
Frans de Boer wrote:
Just like to inquire whether the observed behavior was a real security
breach - someone introducing (maybe over time) a backdoor or
On Tue, 2010-11-23 at 13:32 +0100, Luc Verhaegen wrote:
Radeonhd repo:
http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot
authorSPIGOT r...@jerkcity.com 2010-11-02 04:21:14 (GMT)
committer SPIGOT r...@jerkcity.com 2010-11-02 04:21:14 (GMT)
On 11/24/2010 01:24 AM, Adam Jackson wrote:
On Tue, 2010-11-23 at 13:32 +0100, Luc Verhaegen wrote:
Radeonhd repo:
http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot
author SPIGOT r...@jerkcity.com 2010-11-02 04:21:14 (GMT)
committerSPIGOT
On Wed, Nov 24, 2010 at 10:37 AM, Frans de Boer fr...@fransdb.nl wrote:
On 11/24/2010 01:24 AM, Adam Jackson wrote:
On Tue, 2010-11-23 at 13:32 +0100, Luc Verhaegen wrote:
Radeonhd repo:
http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot
authorSPIGOT
On Wed, Nov 24, 2010 at 12:37 AM, Frans de Boer fr...@fransdb.nl wrote:
Thanks Adam,
Because of my unfamiliarity with the people involved with xorg, can anybody
verify the claim Adam made?
I can't verify it. But I had a pretty strong suspicion. :)
If it was just a misplaced competition
Thanks Adam,
Because of my unfamiliarity with the people involved with xorg, can anybody
verify the claim Adam made?
If it was just a misplaced competition effort, I can continue to rely on the
xorg code.
Also, if it turns out to be a validated claim Adam made, accept it as is and
On Wed, Nov 24, 2010 at 01:45:15AM +, Matt Turner wrote:
On Wed, Nov 24, 2010 at 12:37 AM, Frans de Boer fr...@fransdb.nl wrote:
Thanks Adam,
Because of my unfamiliarity with the people involved with xorg, can anybody
verify the claim Adam made?
I can't verify it. But I had a
On Tue, Nov 23, 2010 at 07:24:12PM -0500, Adam Jackson wrote:
On Tue, 2010-11-23 at 13:32 +0100, Luc Verhaegen wrote:
Radeonhd repo:
http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot
author SPIGOT r...@jerkcity.com 2010-11-02 04:21:14 (GMT)
On Tue, Nov 23, 2010 at 03:40:49PM -0800, Alan Coopersmith wrote:
Frans de Boer wrote:
Just like to inquire whether the observed behavior was a real security
breach - someone introducing (maybe over time) a backdoor or the like -
or just sloppy behavior. In other words, can we still trust
On Tue, Nov 23, 2010 at 03:36:58PM -0800, Alan Coopersmith wrote:
Alan Cox wrote:
It's on a separate branch, not master. (Doesn't mean it's right, just
that it's not actually going to cripple anything or waste time for anyone
who doesn't ask for it.)
And how many other un-noticed
On Wed, Nov 24, 2010 at 4:31 PM, Luc Verhaegen l...@skynet.be wrote:
On Tue, Nov 23, 2010 at 03:36:58PM -0800, Alan Coopersmith wrote:
Alan Cox wrote:
It's on a separate branch, not master. (Doesn't mean it's right, just
that it's not actually going to cripple anything or waste time for
On Wed, Nov 24, 2010 at 04:36:17PM +1000, Dave Airlie wrote:
On Wed, Nov 24, 2010 at 4:31 PM, Luc Verhaegen l...@skynet.be wrote:
See, this was exactly the problem here. It _was_ a freedesktop admin.
And it was pretty clear that it was that from the onset too. Mailing
fd.o admins, even if
58 matches
Mail list logo