Debian shows how security snafu should be handled
by Sam Varghese   
Friday, 30 May 2008

One line of discussion on the developers' mailing list was kicked off by Joey Hess, who proposed that any changes to the sources from upstream be considered a bug; a second came from Raphael Hertzog, who outlined a method of handling Debian patches to make them more visible.

(Debian developers make changes to packages for one reason or another. One of the better-known changes is the renaming of the Firefox browser as Iceweasel and the Thunderbird mail client as Icedove; these name changes were made because the Mozilla Corporation asked the project to stop using the name 'Firefox' in its version of Firefox unless the fox-on-a-globe logo was used. The logo could not be used because its copyright license was not free and violated the Debian free software guidelines. Further, even if the logo could somehow be used, the Mozilla people wanted to vet every patch applied by Debian before a package called Firefox containing it was released. This, plainly, was not a workable solution.)

When a bug such as the OpenSSL one is disclosed, how do ordinary users react? How does the IT consultancy which is a small business - or often a one-man outfit - cope? To get an idea, I posted a message to both the local Linux user groups and asked for reactions.

The Melbourne Linux User Group continued the Debian tradition of openness and allowed my post to go through. List admin Mark Campbell jocularly commented that only Red Hat and its derivatives were of significance any more!

IT consultant Andrew McGlashan, who runs mostly the stable distribution (Etch) on servers, said he had to recreate some certificates and re-do the certificate authority as well. "Most access to my servers is limited to known and accepted IP addresses for anything requiring 'real' security though. Email and https are a little more," he added.

McGlashan said he thought the information was disclosed well enough on the Debian security mailing list and there was plenty of help for anyone who needed it to get sorted out after the problem was fixed.


 