Posted Sep 11, 2008 14:30 UTC (Thu) by grantingram (guest, #18390)
That was a reference to a novel by George Orwell called "Animal Farm" about evil governments. A short explanation is found at bartleby.com
The point I think the poster is making is: some members of the community (Fedora Board members who work for Red Hat) have access to information that others do not (Fedora Board members who do not work for Red Hat).
Posted Sep 11, 2008 14:42 UTC (Thu) by skvidal (subscriber, #3094)
Posted Sep 11, 2008 15:32 UTC (Thu) by grantingram (guest, #18390)
Actually I was just attempting to be helpful - I'm not the one who made the "more equal" comment.
But I think that what makes them "more equal" is that they have information that others don't?
Posted Sep 11, 2008 18:11 UTC (Thu) by rahulsundaram (subscriber, #21946)
Posted Sep 11, 2008 16:07 UTC (Thu) by jake (editor, #205)
This seems to imply they are employees of the hosting/colo facility that Red Hat and Fedora use. If true, it is a little tidbit of information, which seem to keep dribbling out. Perhaps that is what you were trying to say on Tuesday in #fedora-board-public about Debian (or other distros) being just as susceptible to the information disclosure problem as Fedora/Red Hat currently are.
If so, beating around the bush is just causing annoyance to no good end. I recognize that you (and Fedora, perhaps even Red Hat) don't get to make those decisions, but whoever does should get an earful imo.
Posted Sep 11, 2008 16:12 UTC (Thu) by skvidal (subscriber, #3094)
Three examples of this:
- Dennis Gilmore
- Ricky Zhou
I didn't mean to confuse anything.
Same problem, different perceptions
Posted Sep 11, 2008 17:36 UTC (Thu) by quaid (guest, #26101)
Jake, thanks for attending the meeting and engaging in a lively discussion. I appreciate that you are trying to separate your feelings/fears/concerns as a Fedora user from your role as a reporter.
In the open public question/discussion channel, I think you showed (and identified) your personal bias that the existence of Red Hat in Fedora's affairs makes Fedora less of a community distro. Myself, other Board members, and other community members provided several examples and reasons of how the situation with Fedora and with previous distro security problems are not equivalent.
There has never been an equivalent situation to what happened to Fedora, and it has nothing to do specifically with Red Hat. Red Hat just happens to be the incorporated-in-the-US entity involved that changed the tenor of the situation. That could happen to any distro, and it does not diminish their being a "truly community distro." I think Seth's example was a great one:
<skvidal> lwnjake: here's an example
<skvidal> lwnjake: a debian server gets crack[ed]
<skvidal> lwnjake: the cracker hosts A LOT of kiddie porn
<skvidal> and terrorist documentation
<skvidal> the hosting provider gets a national security letter
<skvidal> debian is down and out
<skvidal> and not allowed
<skvidal> AT ALL
<skvidal> to speak about it
<skvidal> would that be a failing of debian?
<lwnjake> we can discuss scenarios all day, it doesn't change the fact that you folks can't even confirm whether you know how the intrusion occurred
<skvidal> or would it be the fact that law is different
You and others keep asking questions that people are repeatedly saying they are not able to answer. Ironically, the answer is probably staring you in the face, but if you believe "... it comes from red hat legal or at least that is the perception", you continue to look for answers that implicate an Evil Overlord.
Posted Sep 11, 2008 20:16 UTC (Thu) by jake (editor, #205)
My use of "community" was not really describing what I meant. "Independent" is a much better word and the one I used in the article. I did not mean to push the hot button that Fedora folks have (understandably) about being a "community" distribution.
> if you believe "... it comes from red hat legal or at least that is the
> perception", you continue to look for answers that implicate an Evil
> Overlord.
I, like most folks, don't know what to believe. Someone is stopping you (perhaps not you personally, but Fedora) from telling us important things like whether you know how the intrusion happened. Whoever is doing that has done a grave disservice to the reputation of Fedora and Red Hat.
You, and others, have implied that it is some kind of law enforcement agency, perhaps even a National Security Letter, that is stopping *any* information from being released. If so, one hopes that Red Hat's lawyers are busy doing whatever they can to circumvent that. Fedora and Red Hat have a responsibility to their customers and the community that is being set aside.
It's not that folks don't understand that Fedora cannot say any more than it has, it's that they fairly strongly believe that more could be said without jeopardizing whatever ongoing investigation there is. While we eventually want to know what all the hubbub is about, what we want to know *now*, nearly a month after the incident, is what, if anything, we need to be on the lookout for. If there is some unknown exploit out there, many eyes are more likely to find it than one. If there isn't, then someone should force the entity responsible to *say* so.
Posted Sep 11, 2008 20:38 UTC (Thu) by pr1268 (subscriber, #24648)
Very well said! And I'd also like to thank you, Jake, for participating in this discussion.
Even as a non-RH/Fedora user, I'm still following this whole story closely as the incident, its aftermath, and RH's/Fedora's corrective strategies all impact Free/Open Source in general.
Posted Sep 11, 2008 20:51 UTC (Thu) by skvidal (subscriber, #3094)
"These efforts have also not resulted in the discovery of additional security vulnerabilities in packages provided by Fedora."
and then I'll quote from my own blog:
"Just to dispel this concern. Every package we (fedora infrastructure) have installed or updated on a system since the incident occurred is public and available."
Hope this helps.
Posted Sep 11, 2008 21:08 UTC (Thu) by jake (editor, #205)
Which can be read several different ways:
- we don't know how the intrusion occurred
- we do know, but it wasn't an "additional security vulnerability" in a package that Fedora ships, which leaves packages that Fedora doesn't ship as well as known, but unpatched, vulnerabilities
- probably other interpretations depending on what the meaning of "is" is
I know you are trying to be helpful and you folks don't like this any more than I do, but after almost a month, I think we are due more than lawyer-ese like the above.
Posted Sep 12, 2008 11:03 UTC (Fri) by russell (guest, #10458)