[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[eclipse.org-committers] Heartbleed OpenSSL bug

Folks,

You may have heard about the Heartbleed bug in the OpenSSL libraries:

http://heartbleed.com/

We have not identified any Eclipse servers that are vulnerable to this bug. Although we upgrade our servers regularly as needed, our SLES Entreprise Linux typically lags behind with release versions of the packages it employs, preferring instead to backport security patches into the older, mature versions.

Using such a Linux distro typically means compromising the latest features for security and stability.  In this case, we feel that having a site that has remained secure and available to you, despite the severity of this bug, is definitely a worthy feature.

Moving forward, we're considering deploying some of the more leading-edge OS platforms for use within Hudson/HIPP for builds and tests. However, these slaves will work in the background and will not directly offer services to the Internet. By the same token, this is a word of caution to those projects who are requesting desktop-grade Linux distros for their project virtual servers, which will be Internet-facing.

So at this time, sit back, relax, and get work done. There's no need to change your password or private key at Eclipse unless you feel compelled to do so.

Denis

--
Denis Roy
Eclipse Foundation, Inc. -- http://www.eclipse.org/
@droy_eclipse