oss-sec mailing list archives

BerliOS.de compromise


From: Josh Bressers <bressers () redhat com>
Date: Mon, 18 Jan 2010 16:15:42 -0500 (EST)

Hello all,

As some of you have heard, it seems that BerliOS was compromised recently.
http://lwn.net/Articles/369633/
http://www.h-online.com/open/news/item/BerliOS-open-source-project-portal-falls-victim-to-attack-903990.html

I've mailed the BerliOS admins with no reply. I'm wondering if anyone has 
any additional details regarding this.

The Apache group had a similar incident some years back, and did an 
incredible job of documenting things:
http://www.apache.org/info/20010519-hack.html

I suspect that given the large number of distributions this will affect, 
some sort of coordinated effort may be in order. Unless we are given 
evidence to the contrary, I think it must be presumed that source hosted at
berlios.de is not secure and needs to be inspected.

This topic was briefly brought up on a Fedora mailing list:
http://lists.fedoraproject.org/pipermail/devel/2010-January/129156.html

I suspect each distribution will have their own list of sources that need
inspection.

Thanks.

-- 
    JB

