Well what was very inaccurate in his article and annoyed me was these parts:
It was only on August 22 that Frields was permitted to announce that, "Last
week we discovered that some Fedora servers were illegally accessed. The
intrusion into the servers was quickly discovered, and the servers were
taken offline . . . .One of the compromised Fedora servers was a system used
for signing Fedora packages. However, based on our efforts, we have high
confidence that the intruder was not able to capture the passphrase used to
secure the Fedora package signing key."
and
By contrast, the Fedora-Red Hat announcements not only concealed
information, but gave users no way to investigate their own system for
problems, nor any means of protection beyond the negative one of not
installing or updating. Faced with a security problem, Red Hat reacted far
less like Debian and much more like Microsoft, which is notorious for
denying security problems until a patch is ready. No doubt it tried to
protect its corporate interests, but it did next to nothing for users. When
trouble came, FOSS interests and standards were apparently jettisoned in
favor of immediate business concerns.
Now while I agree about the fact that RedHat/Fedora were slow to announce
the reason behind the infrastructure outage, I remember clearly that RedHat
released on the 22nd of August (he ignored this or he wasn't aware of it)
detailed information about the intrusion and a shell script for users to
check if their systems were affected or if the openssh package was
compromised. Quoting from RedHat: "this script lists the affected packages
and can verify that none of them are installed on a system:", and this is the
link:
http://www.redhat.com/security/data/openssh-blacklist.html
I think someone should take the responsibility of replying to the author of
this article just to correct his inaccuracies.
Regards,
Tarek
2008/9/10 ankur sinha <sanjay_ankur(a)yahoo.co.in>
hi,
I don't really think the article's worth too much. Both sides handled the
situation as well as possible, keeping both's interests in mind. Comparing it
with Debian's situation isn't right.
regards,
Ankur
--- On *Wed, 10/9/08, Shambo Bose <shambo.linux(a)gmail.com>* wrote:
From: Shambo Bose <shambo.linux(a)gmail.com>
Subject: Re: [Ambassadors] The Fedora-Red Hat Crisis
To: fedora-ambassadors-list(a)redhat.com
Date: Wednesday, 10 September, 2008, 1:39 PM
2008/9/10 Peter Reuschlein <peter(a)reuschlein.de>
> Tarek Taha schrieb:
>
>>
>>
>> http://itmanagement.earthweb.com/osrc/article.php/3770216/The+Fedora-Red+...
>>
>>
>> ------------------------------------------------------------------------
>>
>> --
>> Fedora-ambassadors-list mailing list
>> Fedora-ambassadors-list(a)redhat.com
>>
>> https://www.redhat.com/mailman/listinfo/fedora-ambassadors-list
>>
>
> Good Article,
>
> sorry but a +1 for me... It's nearly like I saw and still see the things
> running currently.
>
> regards
> Peter
>
NICE !!!!
--
---------------------------------------------------
Tarek Taha
Doctoral Candidate
ARC Centre for Autonomous Systems
University of Technology, Sydney
ph: +61 2 9514 3147
web:
http://www.tarektaha.com
----------------------------------------------------