Red Hat fesses up to Fedora FOSS security fiasco
by Davey Winder
Sunday, 24 August 2008
Page 2 of 2

The Fedora-Announce-List posting by Red Hat's Fedora project leader Paul Frields admits that "some Fedora servers were illegally accessed" and even that the "intrusion into the servers was quickly discovered, and the servers were taken offline." Yet it has taken more than a week to disclose this information.

"While there is no definitive evidence that the Fedora key has been compromised", the posting continues, "because Fedora packages are distributed via multiple third-party mirrors and repositories, we have decided to convert to new Fedora signing keys." So, nothing serious then (not), yet still it has taken more than a week to disclose this information.

I think the icing on this particular cheesecake would have to come with "Our previous warnings against further package updates were based on an abundance of caution, out of respect for our users." Sorry, but respect in the world of FOSS hangs around one single word: open. Fedora has most certainly not been open in this case, at least not open enough, not quickly enough. The promise to "continue to keep the Fedora community notified of any updates" is tempered by the concluding line of "Thank you again for your patience."

Is it really that far off the mark to suggest that one of the major benefits, from the security and bugs perspective, of open source is that problems are disclosed immediately and the community can therefore act quickly to correct them? By not disclosing this information in a timely fashion, has Red Hat not done the whole FOSS movement a disservice?