berlios.de compromised since 2005
Adam Jackson
ajax at redhat.com
Wed Jan 13 23:00:07 UTC 2010
On Wed, 2010-01-13 at 12:23 -0500, Seth Vidal wrote:
> Hi folks,
> This lwn article reports that berlios.de has been compromised for a long,
> long time.
>
> http://lwn.net/Articles/369633/
>
> So I compiled a little list of pkgs that need a look:
>
> http://skvidal.fedorapeople.org/misc/berlios-pkg-owners-list.txt
For paranoia's sake, it would be useful to expand this list:
a) compute the list of binary rpms produced by these source packages
b) compute the list of source packages that have those binrpms in their
buildroot
c) iterate steps a and b until the list of source packages stops growing
Try not to think too hard about the implications if the final set
includes gcc, glibc, binutils...
- ajax
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20100113/eb616374/attachment.bin
More information about the devel
mailing list