recoiledsnake writes: The main GNU source repository server savannah.gnu.org, used as a central code repository for many GNU projects including gcc, has been compromised by a SQL injection attack and is currently offline. Attackers were able to read encrypted passwords and decrypt them, some presumably by brute force leading to project membership access. There was no database loss since a working backup system was at least maintained. However, the attack does raise big questions about why an organization that prides itself on the security of its software failed to follow minimum basic security practices like storing password hashes instead of encrypting them and mitigating SQL injection attacks. There are no details on whether the attackers were able to sneak in malicious code to any of the projects hosted by GNU. And, as we all know from Ken Thompson's Turing Award lecture, once the compiler is compromised, it's game over.
recoiledsnake writes: A few years after the Con Kolivas fiasco, the FatELF project to implement the 'universal binaries' feature for Linux that allows a single binary file to run on multiple hardware platforms has been grounded. Ryan C. Gordon, who has ported a number of popular games and game servers to Linux, has this to say: "It looks like the Linux kernel maintainers are frowning on the FatELF patches. Some got the idea and disagreed, some didn't seem to hear what I was saying, and some showed up just to be rude. I'll definitely think twice before trying to contribute again, especially if it addresses the status quo. Open source is a lot more gratifying when you are working on your own project. Contributing to other projects? Not so much fun, it turns out." The launch of the project was recently discussed here. The FatELF project page and FAQ are still up.