Subject: Re: attempt to plant a back door in the Linux kernel
To: David Maxwell <>
From: Steven M. Bellovin <>
List: tech-security
Date: 11/07/2003 13:41:50
In message <20031107182855.GE9816@mail>, David Maxwell writes:
>On Fri, Nov 07, 2003 at 11:44:31AM -0500, Steve Bellovin wrote:
>Every note about this that I'd seen up until now had not mentioned
>anything about how the server was compromised.
>	"by Thursday an investigation into how the development site was
>	compromised was underway, headed by Linux chief Linus Torvalds,
>	according to McVoy. "
>Too often, in the open source world, people fail to understand the
>importance of transparency. When something goes wrong like this, there
>needs to be an announcement of any results this investigation can
>Failure to discuss the hack should cause people to ask "How do we know
>it hasn't happened more often, or why it won't happen again?"

The MSNBC story ( )
noted that there was a security problem in CVS.

		--Steve Bellovin,