Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[eclipse.org-committers] PLEASE READ: Recent Security Breaches on Open Source Sites

Greetings,

As you may be aware, there was a security breach on the linux.com site yesterday.  This follows the security breach that occurred on kernel.org two short weeks ago.

We are not taking these recent security breaches lightly.  Effective immediately, we have revoked SSH shell access to everyone on all our servers.  Direct shell access to dev.eclipse.org will no longer be allowed, and shell access to build.eclipse.org will be granted on an as-needed basis.  Since build.eclipse.org has access to all the file systems that are available to dev.eclipse.org, you should not need to access dev.eclipse.org directly from a shell.

If you need shell access on build.eclipse.org, please use the Portal tool to request a shell.  You must provide a valid, detailed reason for needing a shell, and shells will be granted mainly to release engineers.  Please note that for regular committer activities (using CVS, SVN and Git) a shell is not required.

In the background, we will be performing analysis on your committer accounts to make sure your account is secure.

I apologize for the inconvenience this causes; however, our site's security, and the integrity of your source code, are our #1 priorities.

If you have any questions or concerns, please contact us at webmaster@xxxxxxxxxxx.

Denis

--
Denis Roy
Director, IT Services
Eclipse Foundation, Inc. -- http://www.eclipse.org/
Office: 613.224.9461 x224 (Eastern time)
denis.roy@xxxxxxxxxxx

EclipseCon
          Europe 2011

Back to the top