Re: Respository vandalism by r...@...fd.o
On Wed, Nov 24, 2010 at 04:36:17PM +1000, Dave Airlie wrote: > On Wed, Nov 24, 2010 at 4:31 PM, Luc Verhaegen wrote: > > > > See, this was exactly the problem here. It _was_ a freedesktop admin. > > And it was pretty clear that it was that from the onset too. Mailing > > fd.o admins, even if i could've dug up an email address in the split > > second that i wrote the email (heck, i even mistyped repository), was > > not the right course of action. > > So you mailed 2 mailing lists consisting of 2-300 people who could do > nothing about it? > > nice work. > > Dave. Heh. I already wasted quite some time on the actions of one of your colleagues, i guess i can waste some more time on yours. Stop the counter-attack dave, it's far too obvious what you are doing here. The means to the end were perfectly justifiable under the circumstances, and this includes the years of experience i have with dealing with X.org community. This especially includes the experience of something as noble as the radeonhd driver project. Anything else than a similar course action would've meant that the issue would've been silenced to death. Luc Verhaegen. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Wed, Nov 24, 2010 at 4:31 PM, Luc Verhaegen wrote: > On Tue, Nov 23, 2010 at 03:36:58PM -0800, Alan Coopersmith wrote: >> Alan Cox wrote: >> >> It's on a separate branch, not master. (Doesn't mean it's right, just >> >> that it's not actually going to cripple anything or waste time for anyone >> >> who doesn't ask for it.) >> > >> > And how many other un-noticed commits did this person make ? Until you >> > know that you have to assume a complete compromise. >> >> Understood, but you'll also understand that's something we have to ask the >> freedesktop.org admins to investigate. Like most X.Org developers, I >> can't even login to the server hosting git other than with the restricted >> shell used for git pushes. > > See, this was exactly the problem here. It _was_ a freedesktop admin. > And it was pretty clear that it was that from the onset too. Mailing > fd.o admins, even if i could've dug up an email address in the split > second that i wrote the email (heck, i even mistyped repository), was > not the right course of action. So you mailed 2 mailing lists consisting of 2-300 people who could do nothing about it? nice work. Dave. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Tue, Nov 23, 2010 at 03:36:58PM -0800, Alan Coopersmith wrote: > Alan Cox wrote: > >> It's on a separate branch, not master. (Doesn't mean it's right, just > >> that it's not actually going to cripple anything or waste time for anyone > >> who doesn't ask for it.) > > > > And how many other un-noticed commits did this person make ? Until you > > know that you have to assume a complete compromise. > > Understood, but you'll also understand that's something we have to ask the > freedesktop.org admins to investigate. Like most X.Org developers, I > can't even login to the server hosting git other than with the restricted > shell used for git pushes. See, this was exactly the problem here. It _was_ a freedesktop admin. And it was pretty clear that it was that from the onset too. Mailing fd.o admins, even if i could've dug up an email address in the split second that i wrote the email (heck, i even mistyped repository), was not the right course of action. Luc Verhaegen. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Tue, Nov 23, 2010 at 03:40:49PM -0800, Alan Coopersmith wrote: > Frans de Boer wrote: > > Just like to inquire whether the observed behavior was a real security > > breach - someone introducing (maybe over time) a backdoor or the like - > > or just sloppy behavior. In other words, can we still trust the xorg > > repositories or are they compromised in some way? > > > > People and companies depend on xorg functionality without backdoors or > > the like. At the first sign of xorg repositories being compromised, I > > have to pull the plug on systems relying on xorg functionality. Please > > make sure what really happened and then inform the community. this > > thread only give rise to fears without - so it seems - verified facts. > > Yes, the original poster's announcement to the list in general and directly > to phoronix without notifying the developers or admins first seems to have > been designed to do exactly that - raise fears without facts. Alan, You know that i've been with X.org for long enough to know what works and what gets muffled. The fact that you and others are continuously downplaying this proves that i took the right course of action. About mailing the board, well, the board is not exactly the fastest of organs, even though i feel that it has become better since the last elections and the crap throwing that happened before and after them. Luc Verhaegen. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Tue, Nov 23, 2010 at 07:24:12PM -0500, Adam Jackson wrote: > On Tue, 2010-11-23 at 13:32 +0100, Luc Verhaegen wrote: > > Radeonhd repo: > > http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot > > > > author SPIGOT 2010-11-02 04:21:14 (GMT) > > committer SPIGOT 2010-11-02 04:21:14 (GMT) > > commit 231683e2f111bb064125f64f2da797d744cde7fa (patch) > > ... > > PERHAPS BONGHITS WILL FIX MY MAKEFILE > > Signed-off-by: SPIGOT > > > > Very funny, but the person responsible forgot that maybe, this puts the > > whole trust in anything on fd.o at risk. > > That was me. Serious lapse in judgement on my part. I pretty much did > it to get a rise out of Luc; looks like I succeeded. But it's > indefensible, and I apologize. I'm kind of in a bad place emotionally > and I should know better than to act that out in public. > > I've disabled my root accounts on the fd.o machines. I don't trust me > with them anymore either. > > - ajax I can't see why. You know tons of ways to trigger me, without compromising X.org or fd.o. Luc Verhaegen. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Wed, Nov 24, 2010 at 01:45:15AM +, Matt Turner wrote: > On Wed, Nov 24, 2010 at 12:37 AM, Frans de Boer wrote: > > Thanks Adam, > > > > Because of my unfamiliarity with the people involved with xorg, can anybody > > verify the claim Adam made? > > I can't verify it. But I had a pretty strong suspicion. :) > > > If it was just a misplaced competition effort, I can continue to rely on the > > xorg code. > > It was a prank. I'm sure he didn't foresee people getting this anxious over > it. > > > Also, if it turns out to be a validated claim Adam made, accept it as is and > > continue. Hopefully Adam has learned his lesson. But also Freedesktop.org > > should have it's act together. Do check the access rights and allow only > > trusted persons root access. Hopefully Adam was NOT one of them they trusted > > explicitly and he has only access due to historical reasons. > > Adam was trusted, and is still trusted I'd say. Because it was a joke. > He made a funny commit in a branch of a dead project that no one has > even committed build fixes to since May. No one, especially Adam, is > going to insert backdoors in the xserver or whatever it is you're > thinking. The guy has 28 commits to the xserver alone since 1.9 was > released on August 20. > > Matt This here is not a joke at all. Stop downplaying it. Luc Verhaegen. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
>> >> Thanks Adam, >> >> Because of my unfamiliarity with the people involved with xorg, can anybody >> verify the claim Adam made? >> If it was just a misplaced competition effort, I can continue to rely on the >> xorg code. >> Also, if it turns out to be a validated claim Adam made, accept it as is and >> continue. Hopefully Adam has learned his lesson. But also Freedesktop.org >> should have it's act together. Do check the access rights and allow only >> trusted persons root access. Hopefully Adam was NOT one of them they trusted >> explicitly and he has only access due to historical reasons. > > Yes, and not sure about the rest. Freedesktop isn't some sort of paid > organisation here, you have a group of volunteers running some > machines tied together with a lot of bailing twine. It only recently > through the good graces of Collabora that fd.o got some paid > administration time directed at it at all (Tollef). Like we could > migrate all the stuff to machines that X.org control but we'd end up > with the same problems + another set of problems. > > Adam still does a lot of a/c maintenance for X.org and other projects, > these will now be have to be done by part-time admin which means even > longer delays on new a/cs. There is a major fd.o overhaul in the works > and maybe Tollef can provide some insight into it when he has time. I forgot to cc Tollef of course, and gmail sucks at forward/bouncing. Dave. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Wed, Nov 24, 2010 at 12:37 AM, Frans de Boer wrote: > Thanks Adam, > > Because of my unfamiliarity with the people involved with xorg, can anybody > verify the claim Adam made? I can't verify it. But I had a pretty strong suspicion. :) > If it was just a misplaced competition effort, I can continue to rely on the > xorg code. It was a prank. I'm sure he didn't foresee people getting this anxious over it. > Also, if it turns out to be a validated claim Adam made, accept it as is and > continue. Hopefully Adam has learned his lesson. But also Freedesktop.org > should have it's act together. Do check the access rights and allow only > trusted persons root access. Hopefully Adam was NOT one of them they trusted > explicitly and he has only access due to historical reasons. Adam was trusted, and is still trusted I'd say. Because it was a joke. He made a funny commit in a branch of a dead project that no one has even committed build fixes to since May. No one, especially Adam, is going to insert backdoors in the xserver or whatever it is you're thinking. The guy has 28 commits to the xserver alone since 1.9 was released on August 20. Matt ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Wed, Nov 24, 2010 at 10:37 AM, Frans de Boer wrote: > On 11/24/2010 01:24 AM, Adam Jackson wrote: > > On Tue, 2010-11-23 at 13:32 +0100, Luc Verhaegen wrote: > > > Radeonhd repo: > http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot > > authorSPIGOT 2010-11-02 04:21:14 (GMT) > committer SPIGOT 2010-11-02 04:21:14 (GMT) > commit231683e2f111bb064125f64f2da797d744cde7fa (patch) > ... > PERHAPS BONGHITS WILL FIX MY MAKEFILE > Signed-off-by: SPIGOT > > Very funny, but the person responsible forgot that maybe, this puts the > whole trust in anything on fd.o at risk. > > > That was me. Serious lapse in judgement on my part. I pretty much did > it to get a rise out of Luc; looks like I succeeded. But it's > indefensible, and I apologize. I'm kind of in a bad place emotionally > and I should know better than to act that out in public. > > I've disabled my root accounts on the fd.o machines. I don't trust me > with them anymore either. > > - ajax > > > ___ > xorg@lists.freedesktop.org: X.Org support > Archives: http://lists.freedesktop.org/archives/xorg > Info: http://lists.freedesktop.org/mailman/listinfo/xorg > Your subscription address: fr...@fransdb.nl > > Thanks Adam, > > Because of my unfamiliarity with the people involved with xorg, can anybody > verify the claim Adam made? > If it was just a misplaced competition effort, I can continue to rely on the > xorg code. > Also, if it turns out to be a validated claim Adam made, accept it as is and > continue. Hopefully Adam has learned his lesson. But also Freedesktop.org > should have it's act together. Do check the access rights and allow only > trusted persons root access. Hopefully Adam was NOT one of them they trusted > explicitly and he has only access due to historical reasons. Yes, and not sure about the rest. Freedesktop isn't some sort of paid organisation here, you have a group of volunteers running some machines tied together with a lot of bailing twine. It only recently through the good graces of Collabora that fd.o got some paid administration time directed at it at all (Tollef). Like we could migrate all the stuff to machines that X.org control but we'd end up with the same problems + another set of problems. Adam still does a lot of a/c maintenance for X.org and other projects, these will now be have to be done by part-time admin which means even longer delays on new a/cs. There is a major fd.o overhaul in the works and maybe Tollef can provide some insight into it when he has time. Dave. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On 11/24/2010 01:24 AM, Adam Jackson wrote: > On Tue, 2010-11-23 at 13:32 +0100, Luc Verhaegen wrote: > >> Radeonhd repo: >> http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot >> >> author SPIGOT 2010-11-02 04:21:14 (GMT) >> committerSPIGOT 2010-11-02 04:21:14 (GMT) >> commit 231683e2f111bb064125f64f2da797d744cde7fa (patch) >> ... >> PERHAPS BONGHITS WILL FIX MY MAKEFILE >> Signed-off-by: SPIGOT >> >> Very funny, but the person responsible forgot that maybe, this puts the >> whole trust in anything on fd.o at risk. >> > That was me. Serious lapse in judgement on my part. I pretty much did > it to get a rise out of Luc; looks like I succeeded. But it's > indefensible, and I apologize. I'm kind of in a bad place emotionally > and I should know better than to act that out in public. > > I've disabled my root accounts on the fd.o machines. I don't trust me > with them anymore either. > > - ajax > > > > ___ > xorg@lists.freedesktop.org: X.Org support > Archives: http://lists.freedesktop.org/archives/xorg > Info: http://lists.freedesktop.org/mailman/listinfo/xorg > Your subscription address: fr...@fransdb.nl Thanks Adam, Because of my unfamiliarity with the people involved with xorg, can anybody verify the claim Adam made? If it was just a misplaced competition effort, I can continue to rely on the xorg code. Also, if it turns out to be a validated claim Adam made, accept it as is and continue. Hopefully Adam has learned his lesson. But also Freedesktop.org should have it's act together. Do check the access rights and allow only trusted persons root access. Hopefully Adam was NOT one of them they trusted explicitly and he has only access due to historical reasons. Frans. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Tue, 2010-11-23 at 13:32 +0100, Luc Verhaegen wrote: > Radeonhd repo: > http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot > > authorSPIGOT 2010-11-02 04:21:14 (GMT) > committer SPIGOT 2010-11-02 04:21:14 (GMT) > commit231683e2f111bb064125f64f2da797d744cde7fa (patch) > ... > PERHAPS BONGHITS WILL FIX MY MAKEFILE > Signed-off-by: SPIGOT > > Very funny, but the person responsible forgot that maybe, this puts the > whole trust in anything on fd.o at risk. That was me. Serious lapse in judgement on my part. I pretty much did it to get a rise out of Luc; looks like I succeeded. But it's indefensible, and I apologize. I'm kind of in a bad place emotionally and I should know better than to act that out in public. I've disabled my root accounts on the fd.o machines. I don't trust me with them anymore either. - ajax signature.asc Description: This is a digitally signed message part ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On 11/24/2010 01:04 AM, Alan Coopersmith wrote: > Frans de Boer wrote: > >> On 11/24/2010 12:40 AM, Alan Coopersmith wrote: >> >>> Frans de Boer wrote: >>> >>> Just like to inquire whether the observed behavior was a real security breach - someone introducing (maybe over time) a backdoor or the like - or just sloppy behavior. In other words, can we still trust the xorg repositories or are they compromised in some way? People and companies depend on xorg functionality without backdoors or the like. At the first sign of xorg repositories being compromised, I have to pull the plug on systems relying on xorg functionality. Please make sure what really happened and then inform the community. this thread only give rise to fears without - so it seems - verified facts. >>> Yes, the original poster's announcement to the list in general and directly >>> to phoronix without notifying the developers or admins first seems to have >>> been designed to do exactly that - raise fears without facts. >>> >>> >>> >> Hm, are you willing to put both your hands in the fire for this claim? I >> just note that you use the word "seems", which indicates to me that you >> are not sure either. >> > My only claim was about the method in which the issue was announced to > drum up maximum attention before investigation could be held. > > >> Assumptions might bring only more fear and/or uncertainly about the >> integrity of the xorg code. >> > I have already stated that we need the freedesktop.org admins to investigate. > I am not going to hinder their investigation or waste anyone's time second > guessing them in public. > > Sorry, my email crossed yours I noticed. Please don't feel attacked or the like. I just sit still and await any further 'real' news for now. Frans. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
Frans de Boer wrote: > On 11/24/2010 12:40 AM, Alan Coopersmith wrote: >> Frans de Boer wrote: >> >>> Just like to inquire whether the observed behavior was a real security >>> breach - someone introducing (maybe over time) a backdoor or the like - >>> or just sloppy behavior. In other words, can we still trust the xorg >>> repositories or are they compromised in some way? >>> >>> People and companies depend on xorg functionality without backdoors or >>> the like. At the first sign of xorg repositories being compromised, I >>> have to pull the plug on systems relying on xorg functionality. Please >>> make sure what really happened and then inform the community. this >>> thread only give rise to fears without - so it seems - verified facts. >>> >> Yes, the original poster's announcement to the list in general and directly >> to phoronix without notifying the developers or admins first seems to have >> been designed to do exactly that - raise fears without facts. >> >> > Hm, are you willing to put both your hands in the fire for this claim? I > just note that you use the word "seems", which indicates to me that you > are not sure either. My only claim was about the method in which the issue was announced to drum up maximum attention before investigation could be held. > Assumptions might bring only more fear and/or uncertainly about the > integrity of the xorg code. I have already stated that we need the freedesktop.org admins to investigate. I am not going to hinder their investigation or waste anyone's time second guessing them in public. -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
> What would you suggest should be done next? Checking logs for traces > of this? Those which could reveal this information might be gone already. Looking for anything which is in the tree but not in or not matching the mail archive. Sounds like a job for a perl nutter 8) And chasing down who did it - because if its someone who did something silly while drunk one night they could save a whole lot of harm by just owning up and apologising. Alan ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On 11/24/2010 12:40 AM, Alan Coopersmith wrote: > Frans de Boer wrote: > >> Just like to inquire whether the observed behavior was a real security >> breach - someone introducing (maybe over time) a backdoor or the like - >> or just sloppy behavior. In other words, can we still trust the xorg >> repositories or are they compromised in some way? >> >> People and companies depend on xorg functionality without backdoors or >> the like. At the first sign of xorg repositories being compromised, I >> have to pull the plug on systems relying on xorg functionality. Please >> make sure what really happened and then inform the community. this >> thread only give rise to fears without - so it seems - verified facts. >> > Yes, the original poster's announcement to the list in general and directly > to phoronix without notifying the developers or admins first seems to have > been designed to do exactly that - raise fears without facts. > > Hm, are you willing to put both your hands in the fire for this claim? I just note that you use the word "seems", which indicates to me that you are not sure either. Maybe just scrutinize the repository for integrity reasons and notify freedesktop.org of an assumed (but not yet confirmed) breach (if not done already). Also, ask developers to cross reference their code with the repository on freedesktop.org. Assumptions might bring only more fear and/or uncertainly about the integrity of the xorg code. Frans. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
Frans de Boer wrote: > Just like to inquire whether the observed behavior was a real security > breach - someone introducing (maybe over time) a backdoor or the like - > or just sloppy behavior. In other words, can we still trust the xorg > repositories or are they compromised in some way? > > People and companies depend on xorg functionality without backdoors or > the like. At the first sign of xorg repositories being compromised, I > have to pull the plug on systems relying on xorg functionality. Please > make sure what really happened and then inform the community. this > thread only give rise to fears without - so it seems - verified facts. Yes, the original poster's announcement to the list in general and directly to phoronix without notifying the developers or admins first seems to have been designed to do exactly that - raise fears without facts. -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
Alan Cox wrote: >> It's on a separate branch, not master. (Doesn't mean it's right, just >> that it's not actually going to cripple anything or waste time for anyone >> who doesn't ask for it.) > > And how many other un-noticed commits did this person make ? Until you > know that you have to assume a complete compromise. Understood, but you'll also understand that's something we have to ask the freedesktop.org admins to investigate. Like most X.Org developers, I can't even login to the server hosting git other than with the restricted shell used for git pushes. -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
Luc Verhaegen wrote: > Still, would you really want to trust your code to freedesktop.org after > this, knowing that there's someone with root access pulling stunts like > this? Feel free to keep your code somewhere else - oh wait, you already do. -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Any plan to promote coordinats to 32 bits?
Rémi Cardona wrote: > Le 23/11/2010 17:22, Alan Coopersmith a écrit : >> Several? I've yet to see many common monitors larger than 2560 pixels, >> so that's still 14 screens wide/high. > > http://insitu.lri.fr/Projects/WILD > > Yes this is research, yes we won't have that on our wrist watches any > time soon... > > But! InSitu's (virtual) wall is already 20480x6400 which is less than an > order of magnitude away from the 16bit limit. The next research team > that does this sort of insane setup will probably blow the limit. Right - DMX folks were worrying about this years ago - it's not outside the realm of special cases, just not the average desktop. -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Tue, Nov 23, 2010 at 10:56:52PM +, Alan Cox wrote: > > It's on a separate branch, not master. (Doesn't mean it's right, just > > that it's not actually going to cripple anything or waste time for anyone > > who doesn't ask for it.) > > And how many other un-noticed commits did this person make ? Until you > know that you have to assume a complete compromise. > Alan, right! Even if this could be considered a less harmful thing that only happened in a newly created branch it'd be easy for this person to play lot more evil tricks somewhere else. What would you suggest should be done next? Checking logs for traces of this? Those which could reveal this information might be gone already. Cheers, Egbert. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Any plan to promote coordinats to 32 bits?
Le 23/11/2010 17:22, Alan Coopersmith a écrit : > Several? I've yet to see many common monitors larger than 2560 pixels, > so that's still 14 screens wide/high. http://insitu.lri.fr/Projects/WILD Yes this is research, yes we won't have that on our wrist watches any time soon... But! InSitu's (virtual) wall is already 20480x6400 which is less than an order of magnitude away from the 16bit limit. The next research team that does this sort of insane setup will probably blow the limit. And we did have an X running on that (using metisse), fully capable of using the entire screen real estate. Food for thoughts :) Rémi ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On 11/23/2010 11:56 PM, Alan Cox wrote: >> It's on a separate branch, not master. (Doesn't mean it's right, just >> that it's not actually going to cripple anything or waste time for anyone >> who doesn't ask for it.) >> > And how many other un-noticed commits did this person make ? Until you > know that you have to assume a complete compromise. > > Alan > ___ > xorg@lists.freedesktop.org: X.Org support > Archives: http://lists.freedesktop.org/archives/xorg > Info: http://lists.freedesktop.org/mailman/listinfo/xorg > Your subscription address: fr...@fransdb.nl > Just like to inquire whether the observed behavior was a real security breach - someone introducing (maybe over time) a backdoor or the like - or just sloppy behavior. In other words, can we still trust the xorg repositories or are they compromised in some way? People and companies depend on xorg functionality without backdoors or the like. At the first sign of xorg repositories being compromised, I have to pull the plug on systems relying on xorg functionality. Please make sure what really happened and then inform the community. this thread only give rise to fears without - so it seems - verified facts. Frans. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
> It's on a separate branch, not master. (Doesn't mean it's right, just > that it's not actually going to cripple anything or waste time for anyone > who doesn't ask for it.) And how many other un-noticed commits did this person make ? Until you know that you have to assume a complete compromise. Alan ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
> "LV" == Luc Verhaegen writes: LV> So, who has root access to annarchy or any other of the servers, and who LV> thought this would be funny, and who deserves to lose his access right LV> here, right now? s/annarchy/kemper/, yes? Annarchy is supposed to have a read-only nfs mount of the git repos. Kemper should be checked for signs of exploitation. As for the commit posting script, and given Alan's post, are you sure that if will post commits not branches other than master? Or that the readeonhd list will accept a post from r...@kemper.fd.o? It could have bounced or ended up in a presumed-spam queue. -JimC -- James Cloos OpenPGP: 1024D/ED7DAEA6 ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Tue, Nov 23, 2010 at 08:32:10AM -0800, Alan Coopersmith wrote: > Gaetan Nadon wrote: > > On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote: > >> > It is clear that this is not a normal security breach, as this > >> commit is > >> > fully in line with the naming scheme used by fd.o. Plus, given the > >> > history of radeonhd, combined with who i think have root access, makes > >> > it seem quite likely that this was simply one of the people with > >> regular > >> > root access. > >> > > I had noticed this appalling commit, looked around and came to the same > > conclusion. > > I had also received an e-mail alerting me about this commit. This is not > > a good use of our time. > > > > The commit should actually be removed from the repository, or at least > > reverted, > > to save other people from wasting time on this. Their wiki states that > > radeonhd is deprecated, > > which is fine, but that does not mean it should be crippled. > > It's on a separate branch, not master. (Doesn't mean it's right, just > that it's not actually going to cripple anything or waste time for anyone > who doesn't ask for it.) > > The last update on the radeonhd master branch is 6 months ago. > Alan, It strikes me that this should be downplayed. Please bear in mind that this is something which could happen again at any time to any project and branch. Either there is a security breech somewhere or someone with admin priviledges has lost his marbles and clearly went over the top. fd.o doesn't need either. Regards, Egbert. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Tue, Nov 23, 2010 at 08:32:10AM -0800, Alan Coopersmith wrote: > Gaetan Nadon wrote: > > On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote: > >> > It is clear that this is not a normal security breach, as this > >> commit is > >> > fully in line with the naming scheme used by fd.o. Plus, given the > >> > history of radeonhd, combined with who i think have root access, makes > >> > it seem quite likely that this was simply one of the people with > >> regular > >> > root access. > >> > > I had noticed this appalling commit, looked around and came to the same > > conclusion. > > I had also received an e-mail alerting me about this commit. This is not > > a good use of our time. > > > > The commit should actually be removed from the repository, or at least > > reverted, > > to save other people from wasting time on this. Their wiki states that > > radeonhd is deprecated, > > which is fine, but that does not mean it should be crippled. > > It's on a separate branch, not master. (Doesn't mean it's right, just > that it's not actually going to cripple anything or waste time for anyone > who doesn't ask for it.) > > The last update on the radeonhd master branch is 6 months ago. Sure, it's a separate branch. Sure, you can easily remove the branch. But the base fact is: someone took advantage of his fd.o admin rights to do this. Luc Verhaegen. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
Gaetan Nadon wrote: > On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote: >> > It is clear that this is not a normal security breach, as this >> commit is >> > fully in line with the naming scheme used by fd.o. Plus, given the >> > history of radeonhd, combined with who i think have root access, makes >> > it seem quite likely that this was simply one of the people with >> regular >> > root access. >> > I had noticed this appalling commit, looked around and came to the same > conclusion. > I had also received an e-mail alerting me about this commit. This is not > a good use of our time. > > The commit should actually be removed from the repository, or at least > reverted, > to save other people from wasting time on this. Their wiki states that > radeonhd is deprecated, > which is fine, but that does not mean it should be crippled. It's on a separate branch, not master. (Doesn't mean it's right, just that it's not actually going to cripple anything or waste time for anyone who doesn't ask for it.) The last update on the radeonhd master branch is 6 months ago. -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Any plan to promote coordinats to 32 bits?
Teika Kazura wrote: > Dear List, > X coordinates are 16 bits, but are there any plan to promote them > to 32 bits? I couldn't find one in the Xorg site. It's not a simple "promotion" but breaking compatibility with the existing protocol - it's on the list of things to fix if we ever get around to a major compatibility breaking revision: http://www.x.org/wiki/Development/X12#A15bitcoordinatelimit > In fact, 16 bits are not sufficient these days. If you have > several screens and enlarge your desktop with a window manager > to several X screens width / height, it can easily exceed 32767. Several? I've yet to see many common monitors larger than 2560 pixels, so that's still 14 screens wide/high. > Is this fact known to X developement society? Of course. We are capable of basic math. -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Tue, Nov 23, 2010 at 4:27 PM, Luc Verhaegen wrote: > On Tue, Nov 23, 2010 at 10:25:33AM -0500, Gaetan Nadon wrote: >> On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote: >> >> > > It is clear that this is not a normal security breach, as this >> > commit is >> > > fully in line with the naming scheme used by fd.o. Plus, given the >> > > history of radeonhd, combined with who i think have root access, >> > makes >> > > it seem quite likely that this was simply one of the people with >> > regular >> > > root access. >> > >> >> I had noticed this appalling commit, looked around and came to the same >> conclusion. >> I had also received an e-mail alerting me about this commit. This is not >> a good use of our time. >> >> The commit should actually be removed from the repository, or at least >> reverted, >> to save other people from wasting time on this. Their wiki states that >> radeonhd is deprecated, >> which is fine, but that does not mean it should be crippled. >> >> That would be the honorable thing to do for the author of this commit. >> I make mistakes, people tell me nicely, I fix them and life goes on. >> >> Gaetan > > Still, would you really want to trust your code to freedesktop.org after > this, knowing that there's someone with root access pulling stunts like > this? > > Luc Verhaegen. > ___ > xorg-de...@lists.x.org: X.Org development > Archives: http://lists.x.org/archives/xorg-devel > Info: http://lists.x.org/mailman/listinfo/xorg-devel > It's obvious the person must be found, and regardless of whether the person is found, change the root password and only tell those who are known to be trustworthy still. -- Far away from the primal instinct, the song seems to fade away, the river get wider between your thoughts and the things we do and say. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Tue, Nov 23, 2010 at 10:25:33AM -0500, Gaetan Nadon wrote: > On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote: > > > > It is clear that this is not a normal security breach, as this > > commit is > > > fully in line with the naming scheme used by fd.o. Plus, given the > > > history of radeonhd, combined with who i think have root access, > > makes > > > it seem quite likely that this was simply one of the people with > > regular > > > root access. > > > > I had noticed this appalling commit, looked around and came to the same > conclusion. > I had also received an e-mail alerting me about this commit. This is not > a good use of our time. > > The commit should actually be removed from the repository, or at least > reverted, > to save other people from wasting time on this. Their wiki states that > radeonhd is deprecated, > which is fine, but that does not mean it should be crippled. > > That would be the honorable thing to do for the author of this commit. > I make mistakes, people tell me nicely, I fix them and life goes on. > > Gaetan Still, would you really want to trust your code to freedesktop.org after this, knowing that there's someone with root access pulling stunts like this? Luc Verhaegen. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote: > > It is clear that this is not a normal security breach, as this > commit is > > fully in line with the naming scheme used by fd.o. Plus, given the > > history of radeonhd, combined with who i think have root access, > makes > > it seem quite likely that this was simply one of the people with > regular > > root access. > I had noticed this appalling commit, looked around and came to the same conclusion. I had also received an e-mail alerting me about this commit. This is not a good use of our time. The commit should actually be removed from the repository, or at least reverted, to save other people from wasting time on this. Their wiki states that radeonhd is deprecated, which is fine, but that does not mean it should be crippled. That would be the honorable thing to do for the author of this commit. I make mistakes, people tell me nicely, I fix them and life goes on. Gaetan signature.asc Description: This is a digitally signed message part ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
RE: libX11 build error
On Tue, 2010-11-23 at 10:29 +0200, Deniz Fer wrote: > Hi again, > > I have collected the logs. > libX11_compile_log has the output of the following command(I guess this has > much information): > > ./util/modular/build.sh --clone -p --autoresume built.modules > /home/yaltes/Desktop/xorg > > libX11_V1_log0 has the output of "make V=1" after "make clean"(in libX11 > directory). On a working build, the following command is issued: /usr/bin/cpp -undef -traditional -DWCHAR32=1 < am_ET.UTF-8/XLC_LOCALE.pre | sed -e '/^# *[0-9][0-9]* *.*$/d' -e '/^#line *[0-9][0-9]* *.*$/d' -e '/^[ ]*XCOMM$/s/XCOMM/#/' -e '/^[ ]*XCOMM[^a-zA-Z0-9_]/s/XCOMM/#/' -e '/^[ ]*XHASH/s/XHASH/#/' -e 's,X11_LOCALEDATADIR,/home/nadon/xorg/src/share/X11/locale,g' -e '/\...@\@$/s/\...@\@$/\\/' > am_ET.UTF-8/XLC_LOCALE It looks like the entire command is missing which comes from the Makefile target: .pre: @$(MKDIR_P) $(@D) $(AM_V_GEN)$(RAWCPP) $(RAWCPPFLAGS) $(CPP_FILES_FLAGS) < $< | $(CPP_SED_MAGIC) > $@ where: RAWCPP = /usr/bin/cpp RAWCPPFLAGS = -undef -traditional CPP_FILES_FLAGS = $(WCHAR32_FLAGS) WCHAR32_FLAGS = -DWCHAR32=1 CPP_SED_MAGIC = $(SED) -e '/^\# *[0-9][0-9]* *.*$$/d' \ -e '/^\#line *[0-9][0-9]* *.*$$/d' \ -e '/^[ ]*XCOMM$$/s/XCOMM/\#/' \ -e '/^[ ]*XCOMM[^a-zA-Z0-9_]/s/XCOMM/\#/' \ -e '/^[ ]*XHASH/s/XHASH/\#/' \ -e 's,X11_LOCALEDATADIR,$(X11_LOCALEDATADIR),g' \ -e '/\...@\@$$/s/\...@\@$$/\\/' What is the version of libX11? Any warnings during configuration? Can you post config.log config.status? > > Thanks, > Deniz > > -Original Message- > From: Jeremy Huddleston [mailto:jerem...@freedesktop.org] > Sent: Monday, November 22, 2010 7:13 PM > To: Deniz Fer > Cc: x...@freedesktop.org; Osman Karpuz > Subject: Re: libX11 build error > > A full build log would be helpful. > > On Nov 22, 2010, at 07:57, Deniz Fer wrote: > > > Hello, > > > > I have a computer with CentOS 5.5 installed. My current Xorg version is > > attached and I want to upgrade to Release 7.5 (MPX being the main reason > > for the upgrade). > > > > I have followed every instruction in the wiki. I used manuel build with > > Peter's instructions in FAQ, I have failed. I used jhbuild (after upgrading > > python and dbus), I have failed. Every time I have failed I get the same > > error which is "am_ET.UTF-8/XLC_LOCALE: command not found". It's a module > > in libX11, nls. I also tried to use -disable-xlocale with no success. After > > some research it appears that after configure, Makefile has an error in it > > self and it tries to use a command that is not present in my system. > > > > Probably I'm missing some other upgrade but couldn't find what it might be. > > If anyone encountered this problem or something similar please help. Thank > > you for your time. > > > > Kind regards, > > Deniz FER > > YALTES A.Ş. > > Yenişehir Mah. > > Lale Sk. No:8 > > 34891-Pendik İSTANBUL > > Tel: +90 216 482 3060 x.241 > > Fax:+90 216 482 3051 > > > > ___ > > xorg@lists.freedesktop.org: X.Org support > > Archives: http://lists.freedesktop.org/archives/xorg > > Info: http://lists.freedesktop.org/mailman/listinfo/xorg > > Your subscription address: jerem...@freedesktop.org > > ___ > xorg@lists.freedesktop.org: X.Org support > Archives: http://lists.freedesktop.org/archives/xorg > Info: http://lists.freedesktop.org/mailman/listinfo/xorg > Your subscription address: mems...@videotron.ca signature.asc Description: This is a digitally signed message part ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Any plan to promote coordinats to 32 bits?
Hi Teika, As far as I know there hasn't been a lot of development to fix that, theres not enough pain for now. Unfourtunatly it would mean re-implementing a lot of X11's core protocol as new extensions. Probably a better way to fix that would be to create X12, or to use something different like e.g. Wayland. But don't get me wrong, I don't think Wayland will solve all problems magically just because its not called X ;) - Clemens ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Any plan to promote coordinats to 32 bits?
Teika Kazura wrote: > X coordinates are 16 bits, but are there any plan to promote them > to 32 bits? I couldn't find one in the Xorg site. > > In fact, 16 bits are not sufficient these days. If you have > several screens and enlarge your desktop with a window manager > to several X screens width / height, it can easily exceed 32767. No, it can't exceed 32767; you might /want/ to exceed that, but that's a different matter. > Is this fact known to X developement society? Yes. E.g. if you want to create a viewport on a much larger "canvas", you can't just create a child window the size of the canvas and scroll by changing its (parent-relative) position. You have to implement transformation and clipping yourself. The limitations on the core X protocol aren't likely to change; it would cause too much breakage. For graphics, you can just use Render, cairo, OpenGL, etc. I don't think that the 16-bit limitation on the size of a window is likely to be a problem for the foreseeable future (apart from anything else, you're likely to run into memory issues with backing store or compositing buffers before that). If you want large virtual desktops, the WM just needs to be creative. -- Glynn Clements ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Tue, Nov 23, 2010 at 01:47:19PM +0100, Luc Verhaegen wrote: > On Tue, Nov 23, 2010 at 01:32:30PM +0100, Luc Verhaegen wrote: > > Radeonhd repo: > > http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot > > > > author SPIGOT 2010-11-02 04:21:14 (GMT) > > committer SPIGOT 2010-11-02 04:21:14 (GMT) > > commit 231683e2f111bb064125f64f2da797d744cde7fa (patch) > > ... > > PERHAPS BONGHITS WILL FIX MY MAKEFILE > > Signed-off-by: SPIGOT > > > > Very funny, but the person responsible forgot that maybe, this puts the > > whole trust in anything on fd.o at risk. > > > > A look at the repo itself shows: > > > > ...xf86-video-radeonhd/objects$ ls -al > > 23/1683e2f111bb064125f64f2da797d744cde7fa > > -r--r--r-- 1 root xorg 205 2010-11-01 21:22 > > 23/1683e2f111bb064125f64f2da797d744cde7fa > > > > This while others clearly show: > > > > ...xf86-video-radeonhd/objects$ ls -al > > 00/8cf170fe2f7d7c52bb691f77d2199a2e21f9d6 > > -r--r--r-- 1 mhopf xorg 596 2010-05-12 07:34 > > 00/8cf170fe2f7d7c52bb691f77d2199a2e21f9d6 > > > > So, who has root access to annarchy or any other of the servers, and who > > thought this would be funny, and who deserves to lose his access right > > here, right now? > > > > Luc Verhaegen. > > It is clear that this is not a normal security breach, as this commit is > fully in line with the naming scheme used by fd.o. Plus, given the > history of radeonhd, combined with who i think have root access, makes > it seem quite likely that this was simply one of the people with regular > root access. > > Luc Verhaegen. Also, the hooks/update script was not run, as that would've sent an email to the radeonhd mailing list, the update hook was restored afterwards it seems: ...xf86-video-radeonhd/hooks$ ls -al total 36 drwxrwsr-x 2 keithp xorg 4096 2010-11-04 15:01 . drwxrwsr-x 8 eich xorg 4096 2009-12-09 06:09 .. -rw-rw-r-- 1 keithp xorg 426 2007-09-17 11:09 applypatch-msg -rw-rw-r-- 1 keithp xorg 528 2007-09-17 11:09 commit-msg -rw-rw-r-- 1 keithp xorg 152 2007-09-17 11:09 post-commit -rwxrwxr-x 1 keithp xorg 207 2007-09-17 11:09 post-update -rw-rw-r-- 1 keithp xorg 373 2007-09-17 11:09 pre-applypatch -rw-rw-r-- 1 keithp xorg 1616 2007-09-17 11:09 pre-commit -rwxrwxr-x 1 keithp xorg 3755 2010-11-01 21:26 update This is not random at all. Luc Verhaegen. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On Tue, Nov 23, 2010 at 01:32:30PM +0100, Luc Verhaegen wrote: > Radeonhd repo: > http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot > > authorSPIGOT 2010-11-02 04:21:14 (GMT) > committer SPIGOT 2010-11-02 04:21:14 (GMT) > commit231683e2f111bb064125f64f2da797d744cde7fa (patch) > ... > PERHAPS BONGHITS WILL FIX MY MAKEFILE > Signed-off-by: SPIGOT > > Very funny, but the person responsible forgot that maybe, this puts the > whole trust in anything on fd.o at risk. > > A look at the repo itself shows: > > ...xf86-video-radeonhd/objects$ ls -al > 23/1683e2f111bb064125f64f2da797d744cde7fa > -r--r--r-- 1 root xorg 205 2010-11-01 21:22 > 23/1683e2f111bb064125f64f2da797d744cde7fa > > This while others clearly show: > > ...xf86-video-radeonhd/objects$ ls -al > 00/8cf170fe2f7d7c52bb691f77d2199a2e21f9d6 > -r--r--r-- 1 mhopf xorg 596 2010-05-12 07:34 > 00/8cf170fe2f7d7c52bb691f77d2199a2e21f9d6 > > So, who has root access to annarchy or any other of the servers, and who > thought this would be funny, and who deserves to lose his access right > here, right now? > > Luc Verhaegen. It is clear that this is not a normal security breach, as this commit is fully in line with the naming scheme used by fd.o. Plus, given the history of radeonhd, combined with who i think have root access, makes it seem quite likely that this was simply one of the people with regular root access. Luc Verhaegen. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Respository vandalism by r...@...fd.o
Radeonhd repo: http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot author SPIGOT 2010-11-02 04:21:14 (GMT) committer SPIGOT 2010-11-02 04:21:14 (GMT) commit 231683e2f111bb064125f64f2da797d744cde7fa (patch) ... PERHAPS BONGHITS WILL FIX MY MAKEFILE Signed-off-by: SPIGOT Very funny, but the person responsible forgot that maybe, this puts the whole trust in anything on fd.o at risk. A look at the repo itself shows: ...xf86-video-radeonhd/objects$ ls -al 23/1683e2f111bb064125f64f2da797d744cde7fa -r--r--r-- 1 root xorg 205 2010-11-01 21:22 23/1683e2f111bb064125f64f2da797d744cde7fa This while others clearly show: ...xf86-video-radeonhd/objects$ ls -al 00/8cf170fe2f7d7c52bb691f77d2199a2e21f9d6 -r--r--r-- 1 mhopf xorg 596 2010-05-12 07:34 00/8cf170fe2f7d7c52bb691f77d2199a2e21f9d6 So, who has root access to annarchy or any other of the servers, and who thought this would be funny, and who deserves to lose his access right here, right now? Luc Verhaegen. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Tablets with GIMP
On 11/21/2010 06:20 PM, Neil Whelchel wrote: On Sunday, November 21, 2010 05:44:32 pm Peter Hutterer wrote: ... elision by patrick ... gimp grabs the device when a button press is registered on the canvas, but does not do so for events outside the canvas (well, because it wouldn't get them since they don't arrive on the canvas) Maybe I was not clear. The GIMP scales the entire tablet area to the size of the canvas when it is in Window mode. Even though the actual tool is on the canvas because of scaling, clicks are not passed to the GIMP if you are outside of the area that the pointer would be on the canvas if GIMP was not scaling it. I can see this by the way that it acts. There is a problem there, however. Since SendCoreEvents is false, the core pointer moves in response to the mouse, not the tablet. In this case, you would think that having the window active would be enough to allow it to receive tablet events (since GIMP is configured to look for the tablet events in its exended input configuration), but that is not how it works. That's not true though, because until gimp grabs the pointer the mapping of the tablet to the window hasn't started yet. Your touching at the edge of the tablet, not yet mapped in gimp doesn't get delivered to gimp because it's outside the window as far as X is concerned. The point is that when GIMP is set in Window mode, the entire tablet surface is scaled to the size of the drawing window. As I move the pen to the edge of the tablet, the tool is positioned at the edge of the window. Where things go bad is that even though the tool is in the window, when I click the pen, GIMP does not see the event. It is like xorg is not seeing the fact that GIMP is scaling the input and that the tool *IS* in the window. If you don't account for scaling and click in a place where the tool WOULD be in the window if scaling were not applied, it works as expected, and continues to work when you drag the pen outside of the unscaled area. There is no documentation to explain this or work around this issue. That's just the way it works. That's exactly why I use Screen mode in GIMP. Windows mode turns out to be a pain unless your drawing window is fullscreened. Patrick ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com