OT: What's up with the starship?

rurpy at yahoo.com rurpy at yahoo.com
Mon Oct 16 03:25:23 EDT 2006


George Sakkis wrote:
> rurpy at yahoo.com wrote:
> > Robert Hicks wrote:
> > > rurpy at yahoo.com wrote:
> > > > T. Bryan wrote:
> > > > > starship.python.net was compromised.  It looked like a rootkit may have been
> > > > > installed.  The volunteer admins are in the process of reinstalling the OS
> > > > > and rebuilding the system.  That process will probably take a few days at
> > > > > least.
> > > >
> > > > Does anyone know more?
> > > >
> > > > What about the integrity of the python packages hosted there?
> > > > When was the site compromised?
> > > > I just installed the python 2.5 pywin module last week.
> > > > Should I be concerned?
> > > >
> > > > Is this related to the Python security problem recently announced?
> > >
> > > Did you even read about the vulnerability?
> >
> > Yes.  Do you have any answers, or do you just enjoy posting irrelevant
> > responses?
>
> I guess his response implied that what's irrelevant here is the
> vulnerability, and accordingly your worries about it.

Then perhaps he should have said that, in which case I would
have explained why he did not understand what he read.  Let me
try again...

1. A site which hosts (I think, hence the questions) a number
of high profile, popular python projects was compromised.
2. It was compromised with a root kit, which by its nature
often goes undetected for a long time.
3. It is common for miscreants to attempt to introduce
backdoors into software that will be widely distributed.
4. Anyone downloading and installing such trojaned software
will also be compromised.
5. Verifying that such a thing has not happened can be very
difficult, particularly if the date and other details of the
compromise cannot be accurately determined.
6. Many organisations give image and PR a higher priority
than the safety of their customers/users and wave off security
breaches with "don't worry, everything is fine.  We're sure
nothing has been touched" when in fact they have no idea.
7. I have seen no public statements or information about
this leading me to wonder about the situation and how it's
being handled, hence my seeking of further information.

That's what I am concerned about, ok?
I don't really care how the site was compromised and my
question about the python security vulnerability was curiosity.

But, I am still completely at a loss why you, he, or anyone,
based on the information presented so far, would conclude
that the python security problem is unrelated.
Care to enlighten me?
But more importantly, how about addressing my original
questions which are, even if you do not think so, pretty
important for anyone who has recently downloaded software
from or built there.
