I wanted to ask everyone on the developer list to take a moment and review the incident report that the Apache Infrastructure Team just issued: https://blogs.apache.org/infra/entry/apache_org_04_09_2010
I don't ask this to bag on Apache or JIRA or any other entity mentioned in the incident report. Apache was the victim of a targeted attack and that can and has happened to many well known entities on the net. Instead, I ask this because I care about the security of our community, the MeeGo infrastructure and the MeeGo distribution as well. As the profile of MeeGo increases with time, the threat to the security of MeeGo will also increase. I think one key items that the incident report does not mention is that if the attackers had not taken the aggressive step of resetting passwords on the compromised system, it is very possible the intrusion would still be undetected. Thanks for taking the time out of your busy lives to raise your security awareness. Ryan _______________________________________________ MeeGo-dev mailing list [email protected] http://lists.meego.com/listinfo/meego-dev
