Red Hat fesses up to Fedora FOSS security fiasco
by Davey Winder   
Sunday, 24 August 2008
The Fedora-Announce-List posting by Red Hat's Fedora project leader Paul Frields admits that "some Fedora servers were illegally accessed" and even that the "intrusion into the servers was quickly discovered, and the servers were taken offline."

Yet it has taken more than a week to disclose this information.

"While there is no definitive evidence that the Fedora key has been compromised," the posting continues, "because Fedora packages are distributed via multiple third-party mirrors and repositories, we have decided to convert to new Fedora signing keys."

So, nothing serious then (not), yet still it has taken more than a week to disclose this information.

I think the icing on this particular cheesecake would have to come with "Our previous warnings against further package updates were based on an abundance of caution, out of respect for our users."

Sorry, but respect in the world of FOSS hangs around one single word: open. Fedora has most certainly not been open in this case, at least not open enough, not quickly enough.

The promise to "continue to keep the Fedora community notified of any updates" is tempered by the concluding line of "Thank you again for your patience."

Is it really that far off the mark to suggest that one of the major benefits, from the security and bugs perspective, of open source is that problems are disclosed immediately and the community can therefore act quickly to correct them?

By not disclosing this information in a timely fashion, has Red Hat not done the whole FOSS movement a disservice?

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional.