Misleading information

Kevin Kofler kevin.kofler at chello.at
Fri Apr 3 23:21:28 UTC 2009


Rahul Sundaram wrote:
> All that is completely wrong as well. The reference to OpenSSH might be
> a confusion with the Red Hat intrusion but the reference to RPM is just
> totally made up.  CC'ing Paul Frields.

The confusion is actually with the fact that the intruder built custom
OpenSSH and RPM packages to run on the machine itself (as per Paul
Frields's report), the journalist just didn't understand that those didn't
get signed nor pushed to any other machine.

I really hate software news written by non-developers, they almost always
get some detail wrong. The only reliable source of information is the
project itself. Unfortunately, new users and even some experienced ones
tend to trust the press way too much without doing any fact checking.

        Kevin Kofler




More information about the users mailing list