
Re: [Ambassadors] The Fedora-Red Hat Crisis



Well, what was very inaccurate in his article and annoyed me were these parts:

It was only on August 22 that Frields was permitted to announce that, "Last week we discovered that some Fedora servers were illegally accessed. The intrusion into the servers was quickly discovered, and the servers were taken offline . . . .One of the compromised Fedora servers was a system used for signing Fedora packages. However, based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key."
and
By contrast, the Fedora-Red Hat announcements not only concealed information, but gave users no way to investigate their own system for problems, nor any means of protection beyond the negative one of not installing or updating. Faced with a security problem, Red Hat reacted far less like Debian and much more like Microsoft, which is notorious for denying security problems until a patch is ready. No doubt it tried to protect its corporate interests, but it did next to nothing for users. When trouble came, FOSS interests and standards were apparently jettisoned in favor of immediate business concerns.

 
Now while I agree about the fact that Red Hat/Fedora were slow to announce the reason behind the infrastructure outage, I remember clearly that Red Hat released on the 22nd of August (he ignored this or he wasn't aware of it) detailed information about the intrusion and a shell script for users to check if their systems were affected or if the openssh package was compromised. Quoting from Red Hat: "this script lists the affected packages and can verify that none of them are installed on a system:", and this is the link: http://www.redhat.com/security/data/openssh-blacklist.html
I think someone should take the responsibility of replying to the author of this article just to correct his inaccuracies.

Regards,
Tarek

2008/9/10 ankur sinha <sanjay_ankur yahoo co in>

hi,

I don't really think the article's worth too much. Both sides handled the situation as well as possible, keeping both's interests in mind. Comparing it with Debian's situation isn't right.

regards,

Ankur


--- On Wed, 10/9/08, Shambo Bose <shambo linux gmail com> wrote:
From: Shambo Bose <shambo linux gmail com>
Subject: Re: [Ambassadors] The Fedora-Red Hat Crisis
To: fedora-ambassadors-list redhat com
Date: Wednesday, 10 September, 2008, 1:39 PM




2008/9/10 Peter Reuschlein <peter reuschlein de>
Tarek Taha schrieb:
------------------------------------------------------------------------

--
Fedora-ambassadors-list mailing list
Fedora-ambassadors-list redhat com
https://www.redhat.com/mailman/listinfo/fedora-ambassadors-list

Good Article,

Sorry, but a +1 for me... It's nearly like I saw and still see the things running currently.

regards
Peter





NICE !!!!






--
---------------------------------------------------
Tarek Taha
Doctoral Candidate
ARC Centre for Autonomous Systems
University of Technology, Sydney
ph: +61 2 9514 3147
web: http://www.tarektaha.com
----------------------------------------------------
