Published: Friday 2003-11-21.
The big news today is of course that several Debian machines have been cracked. According to some reports, a password was stolen, fortunately the archive was not affected, and has been verified as genuine. The investigation is still in progress.
The distributedness of the Debian project is both its great strength and its big weakness. Since the administrators are not necessarily located in the same town, country or even continent as the machines they administer, they have to have remote administrative access to the machines. Anything that can be administrated remotely can of course be compromised, that is common sense. But also, due to administrators living in different areas of the world, in different time-zones, they can also watch the system status around the clock.
It is not often that compromised systems like this are reported, other companies would keep this data to themselves, but in the spirit of openness, Debian has woved not to hide its problems. Telling the truth is definitely the best way to keep the trust of the community.
Big thanks to the administrator teams that have worked hard to clear up the mess.