Subject: Re: attempt to plant a back door in the Linux kernel
To: Steve Bellovin <smb@research.att.com>
From: David Maxwell <david@crlf.net>
List: tech-security
Date: 11/07/2003 13:28:55

On Fri, Nov 07, 2003 at 11:44:31AM -0500, Steve Bellovin wrote:
> http://www.securityfocus.com/news/7388

Every note about this that I'd seen up until now had not mentioned
anything about how the server was compromised.

	"by Thursday an investigation into how the development site was
	compromised was underway, headed by Linux chief Linus Torvalds,
	according to McVoy."

Too often, in the open source world, people fail to understand the
importance of transparency. When something goes wrong like this, there
needs to be an announcement of any results this investigation can
conclude.

Failure to discuss the hack should cause people to ask "How do we know
it hasn't happened more often, or why it won't happen again?"

-- 
David Maxwell, david@vex.net|david@maxwell.net --> Unless you have a solution
when you tell them things like that, most people collapse into a gibbering, 
unthinking mass.  This is the same reason why you probably don't tell your 
boss about everything you read on BugTraq!    - Signal 11