Subject: Re: attempt to plant a back door in the Linux kernel
To: David Maxwell <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 11/07/2003 13:41:50
In message <20031107182855.GE9816@mail>, David Maxwell writes:
>On Fri, Nov 07, 2003 at 11:44:31AM -0500, Steve Bellovin wrote:
>Every note about this that I'd seen up until now had not mentioned
>anything about how the server was compromised.
> "by Thursday an investigation into how the development site was
> compromised was underway, headed by Linux chief Linus Torvalds,
> according to McVoy. "
>Too often, in the open source world, people fail to understand the
>importance of transparency. When something goes wrong like this, there
>needs to be an announcement of any results this investigation can
>Failure to discuss the hack should cause people to ask "How do we know
>it hasn't happened more often, or why it won't happen again?"
The MSNBC story ( http://www.msnbc.com/news/990343.asp?0si=- )
noted that there was a security problem in CVS.
--Steve Bellovin, http://www.research.att.com/~smb