Majority of Ubuntu community servers compromised, servers were using clear-text FTP ...

Greg Dekoenigsberg gdk at redhat.com
Fri Aug 17 17:40:37 UTC 2007


On Fri, 17 Aug 2007, Bryan J. Smith wrote:

> First off, this is _not_ an anti-Ubuntu e-mail.  I not only
> regularly deal with supporting Ubuntu in corporate environments, but
> I run Xubuntu on older hardware myself.
>
> Secondly, a lot of commentary here has surrounded trying to reach
> contributors.  There are a lot of complaints on everything from the
> agreements to workflow, and the fact that sometimes (although not as
> often anymore with APT/YUM being so commonplace) contributors
> bark about the security hoops.
>
> Third, I have long commended how the Fedora Project (like Red Hat
> Linux before it) has always addressed "what must be done, no
> exceptions," even though many things lead to complaints.  Some things
> just cannot budge, and no matter how you try to explain such things
> to people, some just aren't going to care.
>
> Fourth, as I have repeatedly stated, Canonical will find itself in the
> same positions as Red Hat has more and more.  Canonical will address
> those situations much like Red Hat, and suffer the same, misguided
> but not so uncommon, "demonizations" as a result -- especially as it
> becomes less and less "new" to people.
>
> "Ubuntu Servers Hijacked, Used to Launch Attack"
>  http://www.eweek.com/article2/0,1895,2171318,00.asp

One thing I would say about the Fedora / Red Hat partnership:

There are some things that a Community does well, and there are some 
things that a Company does well.

Security audits and the like are Boring, Painful, and No Fun At 
All.  But they are necessary.  And Companies are far better suited to deal 
with things that are Boring, Painful, and No Fun At All because Companies 
can compensate people with Actual Money.

It is the duty of the Company (in our case, Red Hat) to be Responsible for 
these Boring, Painful, and No Fun At All duties, in order to enable the 
Community (in our case, Fedora) to do what they do well: production, 
experimentation, and innovation.

Now, in Fedora, we're very lucky; the Fedora Infrastructure team, which is 
fairly well divided between Community and Company resources, is absolutely 
top-notch.  But the recent misfortunes of Ubuntu (and the less publicized 
misfortunes of Gentoo) are a stark reminder that we must not become 
complacent.  There, but for the grace of God and a vigilant FI team, go 
us.

--g

-- 
Greg DeKoenigsberg
Community Development Manager
Red Hat, Inc. :: 1-919-754-4255
"To whomsoever much hath been given...
...from him much shall be asked"



