[Ambassadors] The Fedora-Red Hat Crisis

Tarek Taha tataha at eng.uts.edu.au
Wed Sep 10 08:54:41 UTC 2008


Well, what was very inaccurate in his article and annoyed me were these parts:

It was only on August 22 that Frields was permitted to announce that, "Last
week we discovered that some Fedora servers were illegally accessed. The
intrusion into the servers was quickly discovered, and the servers were
taken offline . . . .One of the compromised Fedora servers was a system used
for signing Fedora packages. However, based on our efforts, we have high
confidence that the intruder was not able to capture the passphrase used to
secure the Fedora package signing key."

and

> By contrast, the Fedora-Red Hat announcements not only concealed
> information, but gave users no way to investigate their own system for
> problems, nor any means of protection beyond the negative one of not
> installing or updating. Faced with a security problem, Red Hat reacted far
> less like Debian and much more like Microsoft, which is notorious for
> denying security problems until a patch is ready. No doubt it tried to
> protect its corporate interests, but it did next to nothing for users. When
> trouble came, FOSS interests and standards were apparently jettisoned in
> favor of immediate business concerns.



Now while I agree about the fact that RedHat/Fedora were slow to announce
the reason behind the infrastructure outage, I remember clearly that RedHat
released on the 22nd of August (he ignored this or he wasn't aware of it)
detailed information about the intrusion and a shell script for users to
check if their systems were affected or if the openssh package was
compromised. Quoting from RedHat: "this script lists the affected packages
and can verify that none of them are installed on a system:", and this is the
link: http://www.redhat.com/security/data/openssh-blacklist.html

I think someone should take the responsibility of replying to the author of
this article just to correct his inaccuracies.

Regards,
Tarek

2008/9/10 ankur sinha <sanjay_ankur at yahoo.co.in>

> hi,
>
> I don't really think the article's worth too much. Both sides handled the
> situation as well as possible, keeping both's interests in mind. Comparing it
> with Debian's situation isn't right.
>
> regards,
>
> Ankur
>
>
> --- On *Wed, 10/9/08, Shambo Bose <shambo.linux at gmail.com>* wrote:
>
> From: Shambo Bose <shambo.linux at gmail.com>
> Subject: Re: [Ambassadors] The Fedora-Red Hat Crisis
> To: fedora-ambassadors-list at redhat.com
> Date: Wednesday, 10 September, 2008, 1:39 PM
>
>
>
> 2008/9/10 Peter Reuschlein <peter at reuschlein.de>
>
>> Tarek Taha wrote:
>>
>>>
>>> http://itmanagement.earthweb.com/osrc/article.php/3770216/The+Fedora-Red+Hat+Crisis.htm
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> --
>>> Fedora-ambassadors-list mailing list
>>> Fedora-ambassadors-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-ambassadors-list
>>>
>>
>> Good Article,
>>
>> Sorry, but a +1 for me... It's nearly like I saw and still see the things
>> running currently.
>>
>> regards
>> Peter
>>
>>
>>
>>
>
> NICE !!!!
>
>
>


-- 
---------------------------------------------------
Tarek Taha
Doctoral Candidate
ARC Centre for Autonomous Systems
University of Technology, Sydney
ph: +61 2 9514 3147
web: http://www.tarektaha.com
----------------------------------------------------