Red Hat fesses up to Fedora FOSS security fiasco
By Davey Winder
Sunday, 24 August 2008 16:45
Page 1 of 2
It all started with a highly cryptic Fedora-Announce mailing list posting which stated that "The Fedora Infrastructure team is currently investigating an issue in the infrastructure systems. That process may result in service outages, for which we apologize in advance."
Now, most sane-brained people would read that and think 'avoid downloading packages on Fedora systems' + 'issue in the infrastructure systems' = SECURITY BREACH!
Indeed, that is precisely what most sane-brained people, as well as many journalists, did think. The online news feeds were full of pet theories as to what had happened to cause the widespread Fedora service outages.
The blogosphere likewise. Everyone was hinting at a security breach. Everyone, that is, apart from Fedora.
Now, more than a week after that first warning post appeared, Fedora has eventually succumbed to the inevitable and, with arms firmly upwards, admitted that two separate server intrusions did compromise security as far as Rad Hat OpenSSH packages were concerned.
The question now being asked is does Red Hat have what it takes to be able to deal with security breach disclosure in an accurate and prompt manner? In a manner that you might expect from a group upholding the FOSS promise?
The answer ringing around much of the blogosphere, once you fight your way past the Windows Apologists on one side and the Linux Fanboys on the other, would appear to be 'not bloody likely' it seems.
So what did Red Hat have to say when admitting to the security breach and where does this leave it as far as the FOSS movement is concerned? Discover more on page 2...
CONTINUES
IT Institute industry certifications earn you credit towards our MBA or Master Degree qualification with Charles Sturt University. Click 
