Folks,
You may have heard about the Heartbleed bug in the OpenSSL
libraries:
http://heartbleed.com/
We have not identified any Eclipse servers that are vulnerable to
this bug. Although we upgrade our servers regularly as needed, our
SLES Entreprise Linux typically lags behind with release versions of
the packages it employs, preferring instead to backport security
patches into the older, mature versions.
Using such a Linux distro typically means compromising the latest
features for security and stability. In this case, we feel that
having a site that has remained secure and available to you, despite
the severity of this bug, is definitely a worthy feature.
Moving forward, we're considering deploying some of the more
leading-edge OS platforms for use within Hudson/HIPP for builds and
tests. However, these slaves will work in the background and will
not directly offer services to the Internet. By the same token, this
is a word of caution to those projects who are requesting
desktop-grade Linux distros for their project virtual servers, which
will be Internet-facing.
So at this time, sit back, relax, and get work done. There's no need
to change your password or private key at Eclipse unless you feel
compelled to do so.
Denis
|