To be fair, fairer, fairest...
"It being open-source software that anyone can audit, one might have expected the SQL injection vulnerability to have been discovered and fixed long ago. To be fair, GNU.org is by no means the only popular open-source project to have been ransacked by hackers."
To be fair, it being open-source software that anyone can audit, one might have expected the SQL vuln to have been exploited long ago (if it was that trivial).
To be "fairer", the rise in attacks against open-source repos is quite interesting. I can see two possible explanations:
1. open-source software has "gained" so much "traction" with the "market" (as the strategy boutiques put it) that it's become a worthy target for miscreants.
2. traditional target products (read Microsoft, Adobe, etc.) are finally putting their act together and are increasingly harder to crack, comparatively making traditional strongholds look weaker than before.
To be the "fairest", both factors probably contribute, and I would hazard to say that it's a good sign for open-source software, as in most cases the code repositories were compromised, not the customer systems. When you think about it as a "customer" sysadmin, it feels much safer than MS /et al/ systems where the miscreants target YOU directly. Well, unless you're running Savane with MD5 hashes, but who in their right mind uses MD5 nowadays? ;-)
Semi-troll post, hence the icon.