IMPORTANT: If you have installed software from Common-lisp.net on or after
21st of May, there is a remote possibility that the sources have been
compromised, and we recommend you take the appropriate steps. More details
below.
Common-lisp.net has been attacked and is temporarily down for maintenance.
We hope to be back in business as usual within a few days, with new
security measures in place.
The attacker gained shell on 21st or 22nd of May (probably through a CVS
vulnerability) and was trying to gain root when detected on the 24th. It
seems that we were also being used to lauch a DOS attack against a third
party. We currently believe that no other damage was done, but are doing a
full reinstall of OS and other software to be on the safe side.
Read-only access to project directories at a temporary location will be
made available for developers at the earliest opportunity so that they can
do their own audits, and hopefully continue development with minimum
interruptions.
With apologies,
-- Nikodemus Siivola, Common-lisp.net staff