Majority of Ubuntu community servers compromised, servers were using clear-text FTP ...
clint at utos.org
Fri Aug 17 18:36:19 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Bryan J. Smith wrote:
> Greg Dekoenigsberg <gdk at redhat.com> wrote:
>> Now, in Fedora, we're very lucky; the Fedora Infrastructure team,
>> which is fairly well divided between Community and Company
>> resources, is absolutely top-notch.
> As a self-admitted "Red Hat apologist," there is no end to the
> demonizations I hear of Red Hat's "overriding decision making" on
> Fedora. Rumors fly about and when I hear them, I repeatedly find
> myself saying, "oh, that makes sense because of ..." of which I
> "just become the target," etc... ;)
>> But the recent misfortunes of Ubuntu (and the less publicized
>> misfortunes of Gentoo) are a stark reminder that we must not
>> become complacent. There, but for the grace of God and a
>> vigilant FI team, go us.
> There is no guarantee there will not be compromise of Fedora, let
> alone even Red Hat, resources on the Internet. That's just fact.
> In fact, the worst thing is to be compromised and not know about it
> (let alone under attack and not mitigate it before it reaches the
> state of compromise).
> But one thing I don't think I'll see is that it is the result of an
> overlooked process, poorly considered implementation or some lack
> of "due process" or, more directly yet, "due enforcement" in the
> Fedora model. Nay-sayers be damned, while it's not perfect, I
> consider it to "be the standard."
> In fact, just yesterday I had to explain to someone how the core
> approach and balance of community-company in Fedora is no different
> that what I saw in Red Hat Linux prior -- from the submission,
> test, release, etc..., including the build and security approaches.
> Fedora has just become a more formal, more open, more transparent
> enabler to the community, which is what I had always hoped it would
> With all that said, the few bits I've been getting on the Conical
> side shows they have actually been trying to address this for some
> time. And as I said before, Conical will run into more and more of
> these community-company considerations in the future. In fact,
> just last week I heard my first, "Conical is becoming like Red
> Hat." I neither consider that an insult of or a problem with
> consideration for the Ubuntu community or development. ;)
It's Canonical. Not Conical
Utah Open Source Conference
September 6-8, 2007
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the marketing