On Thu, 2011-10-13 at 14:22 -0700, Sriram Ramkrishna wrote: > So with the recent hacking into kernel.org, and Linux foundation > websites, and just recently I learned that winehq's application > database also being compromised, I'm wondering if we should be be > looking to making sure we are safe? I have the impression that FOSS > sites are new targets for black hat hackers. I would hate to see > ourselves compromised like the kernel folks. I know kernel hackers > have taken this very seriously. I wish I had brought it up before > Montreal Summit, but alas. > > If there is nothing to do here, then that's great. I just want to > bring the question up.
The two most immediate things that come to mind, that would be good: Finish sealing master.gnome.org so you don't need to log in Disable all git accounts that haven't been active in the last 24 months I don't think that asking our users to change their SSH keys has much value, and we generally don't have passwords that a user would be able to share with another site. (live.gnome.org and bugzilla.gnome.org do, but they are relatively uninteresting for someone gaining unauthorized access.) - Owen _______________________________________________ gnome-infrastructure mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
