As has been pointed out in a comment to a previous mention of an update notice... the most
common thing it could be would be a compromised account of someone who had high administrative
rights within their infrastructure. In security the weakest link is usually human and
SELinux, AppArmor, etc. can't defend against that... nor physical access.
Of course I have no idea what the problem is/was.
I think this is a testament to Fedora's ability to keep a tight lid on an issue... and keep it
from leaking before they are ready to make an announcement. Great job guys!
Posted Aug 19, 2008 16:51 UTC (Tue) by Sutoka (guest, #43890)
This is what I was thinking. It wasn't that long ago that something similar happened in the
Debian project, though that was 'only' a developer (and not an administrator IIRC). If one of
the Fedora admins, say, had privileged login for several of the main Fedora project servers
saved on their laptop and then their laptop got stolen, the project may be taking all this as
a precautionary attempt to change all their login/keys/etc and they're keeping quiet because
they're hoping they can get everything before the person realizes what they got.
Going further with this hypothetical, it's possible there were several days before the laptop
being stolen and the Fedora project finding out so they may simply be worried that any
would-be attackers were able to take any credentials on the laptop and spread to other parts
of the system as well, and they're using this as an opportunity to do a *complete*
audit/reinstalls/upgrades/etc.
Then again, this is all speculation so I may be completely off.