Debian shows how security snafu should be handled

Opinion and Analysis


One line of discussion on the developers' mailing list was kicked off by Joey Hess, who proposed that any changes to the sources from upstream be considered a bug; a second came from Raphael Hertzog, who outlined a method of handling Debian patches to make them more visible.

(Debian developers make changes to packages for one reason or another. One of the better-known changes is the renaming of the Firefox browser as Iceweasel and the Thunderbird mail client as Icedove; these name changes were made because the Mozilla Corporation asked the project to stop using the name 'Firefox' in its version of Firefox unless the fox-on-a-globe logo was used. The logo could not be used because its copyright license was not free and violated the Debian Free Software Guidelines. Further, even if the logo could somehow be used, the Mozilla people wanted to vet every patch applied by Debian before a package called Firefox containing it was released. This, plainly, was not a workable solution.)

When a bug such as the OpenSSL one is disclosed, how do ordinary users react? How does the IT consultancy which is a small business - or often a one-man outfit - cope? To get an idea, I posted a message to both the local Linux user groups and asked for reactions.

The Melbourne Linux User Group continued the Debian tradition of openness and allowed my post to go through. List admin Mark Campbell jocularly commented that only Red Hat and its derivatives were of significance any more!

IT consultant Andrew McGlashan, who runs mostly the stable distribution (Etch) on servers, said he had to recreate some certificates and re-do the certificate authority as well. "Most access to my servers is limited to known and accepted IP addresses for anything requiring 'real' security though. Email and https are a little more," he added.

McGlashan said he thought the information was disclosed well enough on the Debian security mailing list and there was plenty of help for anyone who needed it to get sorted out after the problem was fixed.

