Gracious!

Gracious!

Posted Aug 19, 2008 14:47 UTC (Tue) by dwheeler (guest, #1216)
In reply to: Another update on Fedora infrastructure by kragil
Parent article: Another update on Fedora infrastructure

Again, let's give them credit; whatever the problem is, they are clearly taking it really seriously, as evidenced by the extraordinary steps they're taking. And we don't know if AppArmor (etc.) would have done any better. Generally Fedora/Red Hat work especially hard on preventing attack (see their SELinux work, stack protection, etc.); I think it's silly to imply that they don't take security seriously.

Here's hoping that it's some sort of serious compiler bug, instead of an attack. However, while I don't have any inside information, I wouldn't bet on that. The sheer secrecy of details suggests a serious attack.

---

(Log in to post comments)

I'm sorry. Speculating is fun though.

Maybe they introduced a trojan into the build sources for an update and Linus installed that
update and then they changed the kernel source on Linus' box ( because he is running fedora,
isn`t he. He shouldn`t say something like that by the way, makes him _obviously_ more
vulnerable ;P ) and from now on all kernels will be exploitable by default... B)

But seriously: I'm just kidding .. like I said: Speculating is fun.

All this secrecy gets tiring. First the huge bubble about DNS, now Fedora. What I kinda miss
in all of this mess is an informant leaking details ;-)

Fedora said it:

"We know the community is awaiting more detail on the past week's
activities and their causes.  We're preparing a timeline and details and
will make them available in the near future.  We appreciate the
community's patience, and will continue to post updates to the
fedora-announce-list as soon as possible."

Paul has told us all that he's going to make this known in the near future.  I know I'll be
holding Fedora to that :)