The Gnome Project said Tuesday that its servers have apparently been breached, potentially delaying the latest release of its desktop system for Linux.
In a e-mail alert sent Tuesday, the managers of the project told developers that they had found evidence indicating that the server hosting Gnome.org had been breached. Gnome and its rival KDE provide the two major desktop systems used on computers running the Linux operating system.

"We are investigating further and will provide updates as we know more," Owen Taylor, a member of the Gnome system administration team and a software engineer for Red Hat's desktop group, stated in a two-paragraph advisory on the Gnome Announcements mailing list. "We hope to have the essential services hosted on the affected machine up and running again as soon as possible."

The short message also stated that the administrators believed the source code repository, which contains the current development work on Gnome software, was unaffected by the breach.

A member of the Gnome development team said that the next version of the software, Gnome 2.6, will likely be delayed a few days while the project members investigate the breach. The software was scheduled to be released on Wednesday.

"We don't expect any significant effect on Gnome development," the team member said on condition of anonymity. "Because it happened right before the 2.6 release, we'll probably have to push (the release) back a few days but that should be all."

The apparent trespass is the latest blow for the security of open-source development projects.

In November, the servers for two Linux projects--Debian and Gentoo--were compromised. Earlier the same month, an attacker managed to gain access to a server that mirrored the latest version of the code for the Linux kernel. And in March and December separate attacks on servers hosting software under development by the GNU Project, the source of much of the free software used by Linux, successfully breached those systems.

Members of the Gnome Project noticed some "suspicious processes running on the Gnome.org" server, said the developer. An investigation revealed several files in a temporary directory that led the team to believe that someone was able to run commands and to search for vulnerabilities.

"As far as we know at this point no damage was done other than the loss of services while we clean up and get things back in place," said the team member. "We're, of course, investigating thoroughly to make sure that we know the full extent of the break-in and will provide a full update to the community when we finish that."
http://zdnet.com.com/2100-1105_2-5178168.html