A developer of some Ruby Gems pulled the code as a statement against certain entities (Department of Homeland Security — DHS) ultimately using the code. Chef gets owned in the process.
ZDNet has a good rundown of the incident:
https://www.zdnet.com/article/developer-takes-down-ruby-library-after-he-finds-out-ice-was-using-it/
It seems that developers at Chef may have used an old copy of the dev's code to get things back up and running again, which seems like exactly the wrong approach.
(Score: 1, Touché) by Anonymous Coward on Monday September 23 2019, @06:56AM (2 children)
Just so. Especially if you don't care *which* "multiple people" have such access, as Webmin is notoriously insecure.
cf. https://www.google.com/search?q=webmin+security+issues
(Score: 0) by Anonymous Coward on Tuesday September 24 2019, @06:28AM (1 child)
You obviously didn't notice the first part of that comment linked to a story titled "Webmin Backdoored for Over a Year."
(Score: 0) by Anonymous Coward on Tuesday September 24 2019, @06:54AM
I did not. But that doesn't invalidate my post. In fact, I think it dovetailed nicely with GP's.
What's more, I upmodded GP once I saw the posting to which the link pointed.