[OT] Re: Infrastructer back online?
Greetings, On Sat, Januar 10 2004 at 04:22 Matt Zimmerman wrote: > On Sat, Jan 10, 2004 at 03:22:15AM +, Nick Boyce wrote: > > On Wed, 7 Jan 2004 19:43:02 -0800, Matt Zimmerman wrote: > > >On Thu, Jan 08, 2004 at 04:08:23AM +0100, Martin Helas wrote: > > >> Am Mi Jan 07, 2004 at 06:5432 -0800 gab Matt Zimmerman <[EMAIL > > >> PROTECTED]> von sich: > > >> > On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: > > >> > > noticing the increasing amount of secure-adv I'd like to ask, > > >> > > wheter the buid-deamons are back or wheter another issue is > > >> > > increasing the amount of advs rapidly. > > >> > > > >> > Everything is working again. > > >> > > >> what's about p.d.o ? > > > > > >There is more than one p.d.o and only one of them is not operational. > > > That has nothing to do with security, thankfully. > > > > Erm .. people.debian.org is back online, though some people seem to be > > missing from it. And packages.debian.org is still offline, > Any guesses when he is inspected to be only again? Is it going to to take days or weeks? Keep smiling yanosz
[OT] Re: Infrastructer back online?
Greetings, On Sat, Januar 10 2004 at 04:22 Matt Zimmerman wrote: > On Sat, Jan 10, 2004 at 03:22:15AM +, Nick Boyce wrote: > > On Wed, 7 Jan 2004 19:43:02 -0800, Matt Zimmerman wrote: > > >On Thu, Jan 08, 2004 at 04:08:23AM +0100, Martin Helas wrote: > > >> Am Mi Jan 07, 2004 at 06:5432 -0800 gab Matt Zimmerman <[EMAIL PROTECTED]> von sich: > > >> > On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: > > >> > > noticing the increasing amount of secure-adv I'd like to ask, > > >> > > wheter the buid-deamons are back or wheter another issue is > > >> > > increasing the amount of advs rapidly. > > >> > > > >> > Everything is working again. > > >> > > >> what's about p.d.o ? > > > > > >There is more than one p.d.o and only one of them is not operational. > > > That has nothing to do with security, thankfully. > > > > Erm .. people.debian.org is back online, though some people seem to be > > missing from it. And packages.debian.org is still offline, > Any guesses when he is inspected to be only again? Is it going to to take days or weeks? Keep smiling yanosz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Infrastructer back online?
On Fri, Jan 09, 2004 at 10:51:55PM -0500, Tim Cunningham wrote: >On Sat, 10 Jan 2004 03:22:15 + >Nick Boyce <[EMAIL PROTECTED]> wrote: >> Which is the announcement about the November compromise. >> That makes it sound like it _is_ a security issue .. > >I think he ment that it wasn't important to maintaining the security of >Debian. maybe, but when I read this: On Wed, Jan 07, 2004 at 06:54:32PM -0800, Matt Zimmerman wrote: >On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: > >> noticing the increasing amount of secure-adv I'd like to ask, wheter the >> buid-deamons are back or wheter another issue is increasing the amount of >> advs rapidly. > >Everything is working again. I have to think I'm either missing the meaning of everything or working. esp when I look on packages.debian.org, which I would intuitively refer to as the debian archive. Does this mean everything is correctly under construction? -- and I needn't worry about anything I cannot make sense of? (Things will only get better now..) I certainly feel I'm being wedged into the same corner as when I got security urgency=high updates before security.debian.org was taken off line and an announcement that debian.org was compromised. (Compulsion to audit _everything_.) But I did later learn that all that coincided with r2 (the new packages wern't urgent and all the urgent packages where old updates), and therefore I was current and safe through it, even though I didn't get an r2 announcement, or timely supplementary info. Maybe my nerves would have been calmer if I was following IRC, where I guess the news was? Hey, what happened, happened. My point is that even if there was no more information or more timely distribution of technical facts, more verbosity as to threat assessment, hypothesis and conclusion, would have made a world of difference for the humans depending on the debian integrity; via third party website or otherwise. If that can be accepted, then my second observation is the complete lack of post mortem commentary of the forensics used. What percentage of debian users know how to mount -oloop a dd image? What _is_ the next step? In the spirit of GNU/debian I would hope the technical leads would have some volition to mentor less skilled admins on the techniques used to unwind the messr. I haven't _looked_ for post mortem notes but I'm surprised not to have so much as heard that they are around. // George -- GEORGE GEORGALIS, System Admin/Architectcell: 646-331-2027< Security Services, Web, Mail,mailto:[EMAIL PROTECTED] Multimedia, DB, DNS and Metrics. http://www.galis.org/george
Re: Infrastructer back online?
On Fri, Jan 09, 2004 at 10:51:55PM -0500, Tim Cunningham wrote: >On Sat, 10 Jan 2004 03:22:15 + >Nick Boyce <[EMAIL PROTECTED]> wrote: >> Which is the announcement about the November compromise. >> That makes it sound like it _is_ a security issue .. > >I think he ment that it wasn't important to maintaining the security of >Debian. maybe, but when I read this: On Wed, Jan 07, 2004 at 06:54:32PM -0800, Matt Zimmerman wrote: >On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: > >> noticing the increasing amount of secure-adv I'd like to ask, wheter the >> buid-deamons are back or wheter another issue is increasing the amount of >> advs rapidly. > >Everything is working again. I have to think I'm either missing the meaning of everything or working. esp when I look on packages.debian.org, which I would intuitively refer to as the debian archive. Does this mean everything is correctly under construction? -- and I needn't worry about anything I cannot make sense of? (Things will only get better now..) I certainly feel I'm being wedged into the same corner as when I got security urgency=high updates before security.debian.org was taken off line and an announcement that debian.org was compromised. (Compulsion to audit _everything_.) But I did later learn that all that coincided with r2 (the new packages wern't urgent and all the urgent packages where old updates), and therefore I was current and safe through it, even though I didn't get an r2 announcement, or timely supplementary info. Maybe my nerves would have been calmer if I was following IRC, where I guess the news was? Hey, what happened, happened. My point is that even if there was no more information or more timely distribution of technical facts, more verbosity as to threat assessment, hypothesis and conclusion, would have made a world of difference for the humans depending on the debian integrity; via third party website or otherwise. If that can be accepted, then my second observation is the complete lack of post mortem commentary of the forensics used. What percentage of debian users know how to mount -oloop a dd image? What _is_ the next step? In the spirit of GNU/debian I would hope the technical leads would have some volition to mentor less skilled admins on the techniques used to unwind the messr. I haven't _looked_ for post mortem notes but I'm surprised not to have so much as heard that they are around. // George -- GEORGE GEORGALIS, System Admin/Architectcell: 646-331-2027< Security Services, Web, Mail,mailto:[EMAIL PROTECTED] Multimedia, DB, DNS and Metrics. http://www.galis.org/george -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Infrastructer back online?
On Sat, 10 Jan 2004 03:22:15 + Nick Boyce <[EMAIL PROTECTED]> wrote: > Which is the announcement about the November compromise. > That makes it sound like it _is_ a security issue .. I think he ment that it wasn't important to maintaining the security of Debian. Tim pgpqLbCINj1fF.pgp Description: PGP signature
Re: Infrastructer back online?
On Sat, Jan 10, 2004 at 03:22:15AM +, Nick Boyce wrote: > On Wed, 7 Jan 2004 19:43:02 -0800, Matt Zimmerman wrote: > > >On Thu, Jan 08, 2004 at 04:08:23AM +0100, Martin Helas wrote: > > > >> Am Mi Jan 07, 2004 at 06:5432 -0800 gab Matt Zimmerman <[EMAIL PROTECTED]> > >> von sich: > >> > On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: > >> > > >> > > noticing the increasing amount of secure-adv I'd like to ask, wheter > >> > > the > >> > > buid-deamons are back or wheter another issue is increasing the amount > >> > > of > >> > > advs rapidly. > >> > > >> > Everything is working again. > >> > >> what's about p.d.o ? > > > >There is more than one p.d.o and only one of them is not operational. That > >has nothing to do with security, thankfully. > > Erm .. people.debian.org is back online, though some people seem to be > missing from it. And packages.debian.org is still offline, Exactly. -- - mdz
Re: Infrastructer back online?
On Wed, 7 Jan 2004 19:43:02 -0800, Matt Zimmerman wrote: >On Thu, Jan 08, 2004 at 04:08:23AM +0100, Martin Helas wrote: > >> Am Mi Jan 07, 2004 at 06:5432 -0800 gab Matt Zimmerman <[EMAIL PROTECTED]> >> von sich: >> > On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: >> > >> > > noticing the increasing amount of secure-adv I'd like to ask, wheter the >> > > buid-deamons are back or wheter another issue is increasing the amount >> > > of >> > > advs rapidly. >> > >> > Everything is working again. >> >> what's about p.d.o ? > >There is more than one p.d.o and only one of them is not operational. That >has nothing to do with security, thankfully. Erm .. people.debian.org is back online, though some people seem to be missing from it. And packages.debian.org is still offline, and its homepage states : packages.debian.org is down at the moment. Please see this announcement (http://www.debian.org/News/2003/20031121) for more details Which is the announcement about the November compromise. That makes it sound like it _is_ a security issue .. Nick Boyce Bristol, UK -- "Ok spammer, I'll 'just hit delete'. You can be 'Delete'." -- Ron "SuperTroll" Ritzman, NANAE
Re: Infrastructer back online?
On Sat, 10 Jan 2004 03:22:15 + Nick Boyce <[EMAIL PROTECTED]> wrote: > Which is the announcement about the November compromise. > That makes it sound like it _is_ a security issue .. I think he ment that it wasn't important to maintaining the security of Debian. Tim pgp0.pgp Description: PGP signature
Re: Infrastructer back online?
On Sat, Jan 10, 2004 at 03:22:15AM +, Nick Boyce wrote: > On Wed, 7 Jan 2004 19:43:02 -0800, Matt Zimmerman wrote: > > >On Thu, Jan 08, 2004 at 04:08:23AM +0100, Martin Helas wrote: > > > >> Am Mi Jan 07, 2004 at 06:5432 -0800 gab Matt Zimmerman <[EMAIL PROTECTED]> von > >> sich: > >> > On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: > >> > > >> > > noticing the increasing amount of secure-adv I'd like to ask, wheter the > >> > > buid-deamons are back or wheter another issue is increasing the amount of > >> > > advs rapidly. > >> > > >> > Everything is working again. > >> > >> what's about p.d.o ? > > > >There is more than one p.d.o and only one of them is not operational. That > >has nothing to do with security, thankfully. > > Erm .. people.debian.org is back online, though some people seem to be > missing from it. And packages.debian.org is still offline, Exactly. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Infrastructer back online?
On Wed, 7 Jan 2004 19:43:02 -0800, Matt Zimmerman wrote: >On Thu, Jan 08, 2004 at 04:08:23AM +0100, Martin Helas wrote: > >> Am Mi Jan 07, 2004 at 06:5432 -0800 gab Matt Zimmerman <[EMAIL PROTECTED]> von sich: >> > On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: >> > >> > > noticing the increasing amount of secure-adv I'd like to ask, wheter the >> > > buid-deamons are back or wheter another issue is increasing the amount of >> > > advs rapidly. >> > >> > Everything is working again. >> >> what's about p.d.o ? > >There is more than one p.d.o and only one of them is not operational. That >has nothing to do with security, thankfully. Erm .. people.debian.org is back online, though some people seem to be missing from it. And packages.debian.org is still offline, and its homepage states : packages.debian.org is down at the moment. Please see this announcement (http://www.debian.org/News/2003/20031121) for more details Which is the announcement about the November compromise. That makes it sound like it _is_ a security issue .. Nick Boyce Bristol, UK -- "Ok spammer, I'll 'just hit delete'. You can be 'Delete'." -- Ron "SuperTroll" Ritzman, NANAE -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Infrastructer back online?
hello > There is more than one p.d.o and only one of them is not operational. which one is that ? would be nice to have, I'm giving linux courses... regards andré -- Andre Roth | <[EMAIL PROTECTED]> GPG: FADF988E| 0959 4D7C F8ED DF4B 90A6 CF71 9EDF 52D1 FADF 988E pgpM2Cro49pHv.pgp Description: PGP signature
Re: Infrastructer back online?
hello > There is more than one p.d.o and only one of them is not operational. which one is that ? would be nice to have, I'm giving linux courses... regards andré -- Andre Roth | <[EMAIL PROTECTED]> GPG: FADF988E| 0959 4D7C F8ED DF4B 90A6 CF71 9EDF 52D1 FADF 988E pgp0.pgp Description: PGP signature
Re: Infrastructer back online?
On Thu, Jan 08, 2004 at 04:08:23AM +0100, Martin Helas wrote: > Am Mi Jan 07, 2004 at 06:5432 -0800 gab Matt Zimmerman <[EMAIL PROTECTED]> > von sich: > > On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: > > > > > noticing the increasing amount of secure-adv I'd like to ask, wheter the > > > buid-deamons are back or wheter another issue is increasing the amount of > > > advs rapidly. > > > > Everything is working again. > > what's about p.d.o ? There is more than one p.d.o and only one of them is not operational. That has nothing to do with security, thankfully. -- - mdz
Re: Infrastructer back online?
Am Mi Jan 07, 2004 at 06:5432 -0800 gab Matt Zimmerman <[EMAIL PROTECTED]> von sich: > On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: > > > noticing the increasing amount of secure-adv I'd like to ask, wheter the > > buid-deamons are back or wheter another issue is increasing the amount of > > advs rapidly. > > Everything is working again. what's about p.d.o ? -- Regards,| Debian GNU / / _ _ _ _ _ __ __ . | / /__ / / / \// //_// \ \/ / Martin Helas| // /_/ /_/\/ /___/ /_/\_\ mailto:[EMAIL PROTECTED] | because reboots are for hardware upgrades. PGP-Fingerprint: 1474 4CAC EF5C ECFA E29E 2CB1 7929 AB90 F7AC 3AF signature.asc Description: Digital signature
Re: Infrastructer back online?
On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: > noticing the increasing amount of secure-adv I'd like to ask, wheter the > buid-deamons are back or wheter another issue is increasing the amount of > advs rapidly. Everything is working again. -- - mdz
Re: Infrastructer back online?
On Thu, Jan 08, 2004 at 04:08:23AM +0100, Martin Helas wrote: > Am Mi Jan 07, 2004 at 06:5432 -0800 gab Matt Zimmerman <[EMAIL PROTECTED]> von sich: > > On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: > > > > > noticing the increasing amount of secure-adv I'd like to ask, wheter the > > > buid-deamons are back or wheter another issue is increasing the amount of > > > advs rapidly. > > > > Everything is working again. > > what's about p.d.o ? There is more than one p.d.o and only one of them is not operational. That has nothing to do with security, thankfully. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Infrastructer back online?
Am Mi Jan 07, 2004 at 06:5432 -0800 gab Matt Zimmerman <[EMAIL PROTECTED]> von sich: > On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: > > > noticing the increasing amount of secure-adv I'd like to ask, wheter the > > buid-deamons are back or wheter another issue is increasing the amount of > > advs rapidly. > > Everything is working again. what's about p.d.o ? -- Regards,| Debian GNU / / _ _ _ _ _ __ __ . | / /__ / / / \// //_// \ \/ / Martin Helas| // /_/ /_/\/ /___/ /_/\_\ mailto:[EMAIL PROTECTED] | because reboots are for hardware upgrades. PGP-Fingerprint: 1474 4CAC EF5C ECFA E29E 2CB1 7929 AB90 F7AC 3AF signature.asc Description: Digital signature
Re: Infrastructer back online?
On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: > noticing the increasing amount of secure-adv I'd like to ask, wheter the > buid-deamons are back or wheter another issue is increasing the amount of > advs rapidly. Everything is working again. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Infrastructer back online?
Greetings, noticing the increasing amount of secure-adv I'd like to ask, wheter the buid-deamons are back or wheter another issue is increasing the amount of advs rapidly. Keep smiling yanosz
Infrastructer back online?
Greetings, noticing the increasing amount of secure-adv I'd like to ask, wheter the buid-deamons are back or wheter another issue is increasing the amount of advs rapidly. Keep smiling yanosz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]