Fedora, Red Hat, and distributor security

Good point. It really depends upon how many hours, days, or weeks, one thinks that the "infrastructure issues" have actually been going on. Their carefully worded statement (written by RH Legal and channeled through Paul, IMO) implies that they caught it quickly. If one believes that, then one could simply reinstall and apply only the security related updates. (There is a yum plugin to do that.) As of Aug 25, 2008, they have not released any security updates since Aug 12, 2008 anyway. And I think that we can be reasonably certain that they have expunged the intruders at this time. If the baddies had actually been into their infrastructure for longer, it may make more sense to reinstall... another distro. (I would not be in that camp, though.) The problem, there, is deciding what to install. For servers SLES comes to mind. But I'd trust Novell even less during such a time of crisis. I'm really, really, not one to push Debian. But, in this context, I must admit that I would trust them, more than just about anyone else, to be forthcoming, communicative, and to do the right thing (after a number of absolutely *huge* and entertaining flame wars on their mailing lists) even if it meant damaging their reputation. Viewed from a financial liability standpoint, whereas Red Hat has much to protect, with Debian... well... you can't get blood out of a turnip.

Oh my. I fear that I may have succeeded in offending pretty much everybody with this post. Try to take it in the spirit in which it was intended. :-)

-Steve