[blag-whereto] blag.fsf.org ssh down

Alexandre Oliva lxoliva at fsfla.org
Sun Jun 5 20:47:25 UTC 2011


On Jun  4, 2011, Weyasey <weyasey at gmail.com> wrote:

> Well since the server is actually broken and useless at the moment

FWIW, it wasn't when I completed the upgrade experiment in the chroot.
The repository was still functional and, indeed, I used the repository
in the upgrade.  Though at that time I noticed the repository was
already much smaller than it was a few days before, as in, it didn't
contain the 119k iso images that I considered using as an intermediate
target, so I assumed someone else was rearranging the repository or
something.

The conclusion is that we were either broken into (which someone might
have, given that we were running a system that was ancient and full of
holes, and the fact that we were was mentioned in public when I was told
by the FSF that *I* was responsible for keeping it secure and first
logged into the system about a week ago), or some /tmp cleaner found the
bind-mounts I created in there for the experiment and decided to clean
them up.

> The questions should have been asked before you did anything in the
> beginning,

The experiment was done in a separate tree precisely so as to not affect
the running system.  It's still not clear how or even whether it did, so
please save your frustration for when that is determined.  I'm just as
unhappy as you are about it; even more now, for I *might* be related
with it: both mentioning in public the vulnerabilities of the system and
bind-mounting the repository in /tmp.

-- 
Alexandre Oliva, freedom fighter    http://FSFLA.org/~lxoliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/   FSF Latin America board member
Free Software Evangelist      Red Hat Brazil Compiler Engineer


