Submission: Main GNU Source Repository Server Compromised

recoiledsnake writes: The main GNU source repository server, used as a central code repository for many GNU projects including gcc, has been compromised by a SQL injection attack and is currently offline. Attackers were able to read encrypted passwords and decrypt them, some presumably by brute force, leading to project membership access. There was no database loss since a working backup system was at least maintained. However, the attack does raise big questions about why an organization that prides itself on the security of its software failed to follow minimum basic security practices like storing password hashes instead of encrypting them and mitigating SQL injection attacks. There are no details on whether the attackers were able to sneak in malicious code to any of the projects hosted by GNU. And, as we all know from Ken Thompson's Turing Award lecture, once the compiler is compromised, it's game over.

