Subject: Re: attempt to plant a back door in the Linux kernel
To: David Maxwell <david@crlf.net>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-security
Date: 11/07/2003 13:41:50
In message <20031107182855.GE9816@mail>, David Maxwell writes:
>On Fri, Nov 07, 2003 at 11:44:31AM -0500, Steve Bellovin wrote:
>> http://www.securityfocus.com/news/7388
>
>Every note about this that I'd seen up until now had not mentioned
>anything about how the server was compromised.
>
>	"by Thursday an investigation into how the development site was
>	compromised was underway, headed by Linux chief Linus Torvalds,
>	according to McVoy."
>
>Too often, in the open source world, people fail to understand the
>importance of transparency. When something goes wrong like this, there
>needs to be an announcement of any results this investigation can
>conclude.
>
>Failure to discuss the hack should cause people to ask "How do we know
>it hasn't happened more often, or why it won't happen again?"
>

The MSNBC story ( http://www.msnbc.com/news/990343.asp?0si=- )
noted that there was a security problem in CVS.

		--Steve Bellovin, http://www.research.att.com/~smb