On Wed, 2010-11-24 at 11:25 +0100, Maarten Maathuis wrote:
If Adam indeed did this, and did not undo it afterwards, then he is
having at least some (mental) issues. He did the right thing by
disabling his admin account, because he obviously has some things to
sort out. While the action itself
Matthew Garrett wrote:
The lack of documentation for various aspects of the server doesn't help
either. I found X development far more intimidating than getting
involved in the kernel.
That is something we know we've been lacking for a long time, and have been
working to correct. So far
On Wed, Nov 24, 2010 at 02:56:32PM -0700, Matt Dew wrote:
This I'm curious about. Are there more companies that feel it's
too-hard/not-worth-while for companies to contribute stuff to Xorg?
I know the linux kernel has this issue, but is X's contribution
difficulty larger?
I think X faces
On Thu, Nov 25, 2010 at 09:23:38PM +, Alan Cox wrote:
but simply being more enthusiastic about accepting contributions doesn't
seem like a great plan (compare the code quality of nouveau, intel and
radeon to that of some of the out of tree drivers, for instance)
I think that is a
but simply being more enthusiastic about accepting contributions doesn't
seem like a great plan (compare the code quality of nouveau, intel and
radeon to that of some of the out of tree drivers, for instance)
I think that is a little naïve. There is a difference between vendors
attempting to
On Wed, Nov 24, 2010 at 4:48 PM, Luc Verhaegen l...@skynet.be wrote:
On Wed, Nov 24, 2010 at 04:36:17PM +1000, Dave Airlie wrote:
On Wed, Nov 24, 2010 at 4:31 PM, Luc Verhaegen l...@skynet.be wrote:
See, this was exactly the problem here. It _was_ a freedesktop admin.
And it was pretty
On Wed, Nov 24, 2010 at 06:01:19PM +1000, Dave Airlie wrote:
On Wed, Nov 24, 2010 at 4:48 PM, Luc Verhaegen l...@skynet.be wrote:
On Wed, Nov 24, 2010 at 04:36:17PM +1000, Dave Airlie wrote:
On Wed, Nov 24, 2010 at 4:31 PM, Luc Verhaegen l...@skynet.be wrote:
See, this was exactly the
Luc Verhaegen l...@skynet.be writes:
On Wed, Nov 24, 2010 at 04:36:17PM +1000, Dave Airlie wrote:
On Wed, Nov 24, 2010 at 4:31 PM, Luc Verhaegen l...@skynet.be wrote:
See, this was exactly the problem here. It _was_ a freedesktop admin.
And it was pretty clear that it was that from the
On 24/11/10 18:00 , Eirik Byrkjeflot Anonsen wrote:
1. What systems do we have in place that enables us to detect when a
trusted admin acts in bad judgement or with evil intent? What
is the probability that such actions will be noticed? Can we do
anything to increase this
As far as I can see, all you've managed to do is to create a lot of
noise about what is, in itself, a fairly minor incident. Yes, it is
serious that a trusted admin abuses his powers. However, that happens
and will continue to happen. Humans are like that. We often show a
remarkable lack
On Wed, Nov 24, 2010 at 06:33:19PM +1000, Peter Hutterer wrote:
On 24/11/10 18:00 , Eirik Byrkjeflot Anonsen wrote:
1. What systems do we have in place that enables us to detect when a
trusted admin acts in bad judgement or with evil intent? What
is the probability that such actions
On Wed, Nov 24, 2010 at 11:03 AM, Tim Beaulen tbsc...@gmail.com wrote:
Luc,
I completely agree with you.
___
x...@lists.freedesktop.org: X.Org support
Archives: http://lists.freedesktop.org/archives/xorg
Info:
On 24/11/10 19:38 , Luc Verhaegen wrote:
On Wed, Nov 24, 2010 at 06:33:19PM +1000, Peter Hutterer wrote:
On 24/11/10 18:00 , Eirik Byrkjeflot Anonsen wrote:
1. What systems do we have in place that enables us to detect when a
trusted admin acts in bad judgement or with evil intent? What
Hi,
I've been mostly offline whilst moving, so have only read this through
web archives. As mentioned on IRC earlier, it was my account used.
My apologies: as ajax said, it's indefensible, and am not really sure
what else to say. I've suspended my root accounts as well.
That being said:
On
On Wed, Nov 24, 2010 at 11:18:20AM +, Alan Cox wrote:
He ensured the problem was noticed, and that it got out to people who
depend upon the repository being secure and properly managed. In this
case that turns out to have ensured the offender admitted to something
silly but if it had
On Wed, Nov 24, 2010 at 08:27:12PM +1000, Peter Hutterer wrote:
On 24/11/10 19:38 , Luc Verhaegen wrote:
Conspiracy theories?
I did not imply that you were the one starting with the conspiracy
theories, and I think strictly speaking there was no name-calling in
that thread either so I
Eirik Byrkjeflot Anonsen wrote:
2. What systems do we have in place that enables us to detect evil
commits once they actually make their way into the repository? What
is the probability that they will be noticed? Can we do anything to
increase this probability?
Distributed version
On Wed, Nov 24, 2010 at 6:58 AM, Luc Verhaegen l...@skynet.be wrote:
On Wed, Nov 24, 2010 at 08:27:12PM +1000, Peter Hutterer wrote:
On 24/11/10 19:38 , Luc Verhaegen wrote:
Conspiracy theories?
I did not imply that you were the one starting with the conspiracy
theories, and I think
On Wed, Nov 24, 2010 at 11:08:18AM -0500, Matt Turner wrote:
From the Phoronix forums, you say
Yeah, this was most definitely not a simple prank, as some people like to
claim.
What are you suggesting it was?
Do you really find this a simple prank? Or do you find this a flagrant
abuse
On Wed, Nov 24, 2010 at 5:12 PM, Luc Verhaegen l...@skynet.be wrote:
On Wed, Nov 24, 2010 at 11:08:18AM -0500, Matt Turner wrote:
From the Phoronix forums, you say
Yeah, this was most definitely not a simple prank, as some people like to
claim.
What are you suggesting it was?
Do you
On Nov 23, 10 22:56:52 +, Alan Cox wrote:
It's on a separate branch, not master. (Doesn't mean it's right, just
that it's not actually going to cripple anything or waste time for anyone
who doesn't ask for it.)
And how many other un-noticed commits did this person make ? Until you
So, wearing my X11R7.6 Release Manager hat, I am willing to accept
that the git repositories are not known to be compromised by an
outside actor, and that we can go forward with development releases
as normal.
I had been quietly holding off on doing any more releases until the
issue was
But you also might want to consider that i was at a hardware vendor two
weeks ago, and i had to listen to their main engineer calling
contributing directly to X a waste of time, and that they rather fix
the versions their customers ship, and hand the patches to their
customers directly, never
drago01 wrote:
You pointed out the issue, we found out who did it, they apologized
for doing so and revoked their root access.
So what other actions do you want to be taken now?
If I may step in I suggest investing some time and developing some sort
of (formal) security concept. It's not
.. we can go forward with development releases
I agree. Since Adam and Daniel did the right thing and admitted to the prank[1]
we can go forward with a release.
Pat
---
[1] admitting to making a blunder is hard to do, I know from personal
experience, so I
think both Adam and Daniel
On Wed, Nov 24, 2010 at 08:34:21PM -0600, Pat Kane wrote:
.. we can go forward with development releases
I agree. Since Adam and Daniel did the right thing and admitted to the
prank[1]
we can go forward with a release.
Pat
---
[1] admitting to making a blunder is hard to do, I
On Thu, Nov 25, 2010 at 08:42:40AM +0100, Luc Verhaegen wrote:
On Wed, Nov 24, 2010 at 08:34:21PM -0600, Pat Kane wrote:
.. we can go forward with development releases
I agree. Since Adam and Daniel did the right thing and admitted to the
prank[1]
we can go forward with a
On Wed, Nov 24, 2010 at 02:56:32PM -0700, Matt Dew wrote:
But you also might want to consider that i was at a hardware vendor two
weeks ago, and i had to listen to their main engineer calling
contributing directly to X a waste of time, and that they rather fix
the versions their customers
Radeonhd repo:
http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot
author SPIGOT r...@jerkcity.com 2010-11-02 04:21:14 (GMT)
committer SPIGOT r...@jerkcity.com 2010-11-02 04:21:14 (GMT)
commit 231683e2f111bb064125f64f2da797d744cde7fa (patch)
...
PERHAPS
On Tue, Nov 23, 2010 at 01:32:30PM +0100, Luc Verhaegen wrote:
Radeonhd repo:
http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot
authorSPIGOT r...@jerkcity.com 2010-11-02 04:21:14 (GMT)
committer SPIGOT r...@jerkcity.com 2010-11-02 04:21:14
On Tue, Nov 23, 2010 at 01:47:19PM +0100, Luc Verhaegen wrote:
On Tue, Nov 23, 2010 at 01:32:30PM +0100, Luc Verhaegen wrote:
Radeonhd repo:
http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot
author SPIGOT r...@jerkcity.com 2010-11-02 04:21:14 (GMT)
On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote:
It is clear that this is not a normal security breach, as this
commit is
fully in line with the naming scheme used by fd.o. Plus, given the
history of radeonhd, combined with who i think have root access,
makes
it seem quite
On Tue, Nov 23, 2010 at 10:25:33AM -0500, Gaetan Nadon wrote:
On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote:
It is clear that this is not a normal security breach, as this
commit is
fully in line with the naming scheme used by fd.o. Plus, given the
history of radeonhd,
On Tue, Nov 23, 2010 at 4:27 PM, Luc Verhaegen l...@skynet.be wrote:
On Tue, Nov 23, 2010 at 10:25:33AM -0500, Gaetan Nadon wrote:
On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote:
It is clear that this is not a normal security breach, as this
commit is
fully in line with the
Gaetan Nadon wrote:
On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote:
It is clear that this is not a normal security breach, as this
commit is
fully in line with the naming scheme used by fd.o. Plus, given the
history of radeonhd, combined with who i think have root access, makes
On Tue, Nov 23, 2010 at 08:32:10AM -0800, Alan Coopersmith wrote:
Gaetan Nadon wrote:
On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote:
It is clear that this is not a normal security breach, as this
commit is
fully in line with the naming scheme used by fd.o. Plus, given the
On Tue, Nov 23, 2010 at 08:32:10AM -0800, Alan Coopersmith wrote:
Gaetan Nadon wrote:
On Tue, 2010-11-23 at 13:57 +0100, Luc Verhaegen wrote:
It is clear that this is not a normal security breach, as this
commit is
fully in line with the naming scheme used by fd.o. Plus, given the
LV == Luc Verhaegen l...@skynet.be writes:
LV So, who has root access to annarchy or any other of the servers, and who
LV thought this would be funny, and who deserves to lose his access right
LV here, right now?
s/annarchy/kemper/, yes? Annarchy is supposed to have a read-only nfs
mount of
It's on a separate branch, not master. (Doesn't mean it's right, just
that it's not actually going to cripple anything or waste time for anyone
who doesn't ask for it.)
And how many other un-noticed commits did this person make ? Until you
know that you have to assume a complete compromise.
On Tue, Nov 23, 2010 at 10:56:52PM +, Alan Cox wrote:
It's on a separate branch, not master. (Doesn't mean it's right, just
that it's not actually going to cripple anything or waste time for anyone
who doesn't ask for it.)
And how many other un-noticed commits did this person make ?
Luc Verhaegen wrote:
Still, would you really want to trust your code to freedesktop.org after
this, knowing that there's someone with root access pulling stunts like
this?
Feel free to keep your code somewhere else - oh wait, you already do.
--
-Alan Coopersmith-
Egbert Eich wrote:
It strikes me that this should be downplayed.
I assume you meant should *not* be downplayed. It should also
not be overplayed - mailing xorg users list alerting the media
were simply seeking attention and distracting from solving the real
problems at hand.
Please bear in
On Tue, 2010-11-23 at 13:32 +0100, Luc Verhaegen wrote:
Radeonhd repo:
http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot
authorSPIGOT r...@jerkcity.com 2010-11-02 04:21:14 (GMT)
committer SPIGOT r...@jerkcity.com 2010-11-02 04:21:14 (GMT)
On Tue, Nov 23, 2010 at 07:24:12PM -0500, Adam Jackson wrote:
On Tue, 2010-11-23 at 13:32 +0100, Luc Verhaegen wrote:
Radeonhd repo:
http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot
author SPIGOT r...@jerkcity.com 2010-11-02 04:21:14 (GMT)
On Tue, Nov 23, 2010 at 03:36:58PM -0800, Alan Coopersmith wrote:
Alan Cox wrote:
It's on a separate branch, not master. (Doesn't mean it's right, just
that it's not actually going to cripple anything or waste time for anyone
who doesn't ask for it.)
And how many other un-noticed
On Wed, Nov 24, 2010 at 4:31 PM, Luc Verhaegen l...@skynet.be wrote:
On Tue, Nov 23, 2010 at 03:36:58PM -0800, Alan Coopersmith wrote:
Alan Cox wrote:
It's on a separate branch, not master. (Doesn't mean it's right, just
that it's not actually going to cripple anything or waste time for
On Wed, Nov 24, 2010 at 04:36:17PM +1000, Dave Airlie wrote:
On Wed, Nov 24, 2010 at 4:31 PM, Luc Verhaegen l...@skynet.be wrote:
See, this was exactly the problem here. It _was_ a freedesktop admin.
And it was pretty clear that it was that from the onset too. Mailing
fd.o admins, even if
What would you suggest should be done next? Checking logs for traces
of this? Those which could reveal this information might be gone already.
Looking for anything which is in the tree but not in or not matching the
mail archive. Sounds like a job for a perl nutter 8)
And chasing down who did
48 matches
Mail list logo