OT: What's up with the starship?

rurpy at yahoo.com rurpy at yahoo.com
Tue Oct 17 11:26:21 EDT 2006


Fredrik Lundh wrote:
> rurpy at yahoo.com wrote:
>
> > I admit I am totally flummoxed by your answer.
> > What does when the bug was introduced have to do with
> > anything?
>
> oh, I thought your main concern was whether the packages available had
> been compromised,

Yes.

>  and that you asked if that was the reason an advisory
> was released last week.

No, I asked if there was any relationship.
http://groups.google.com/group/comp.lang.python/msg/f1974d9b5a42639e?hl=en&

> if someone has developed an exploit for the vulnerability, chances are
> that they'd attack more than just a single obscure and mostly abandoned
> server.

If someone's goal was to compromise machines by compromising
software that was likely to be installed by many people, they would
be wise to minimize the chance of detection by attacking as few
machines as possible.  But given what mwh wrote earlier about the
incident, and what you say about starship.python.net's lack
of prominence, obviously it was unlikely their goal.



