
Fedora, Red Hat, and distributor security

Posted Aug 26, 2008 6:18 UTC (Tue) by JoeBuck (guest, #2330)
In reply to: Fedora, Red Hat, and distributor security by sbergman27
Parent article: Fedora, Red Hat, and distributor security

If you've suddenly decided not to trust that Red Hat and Fedora are telling the truth, what are you going to install? You could install from older media, and then you get the security bugs back. To get the bug fixes, you have to upgrade, but since you say that you won't trust that they've gotten the bad guys out, how are you going to do that?

There's no rational reason why a reinstall would be a good move.



Fedora, Red Hat, and distributor security

Posted Aug 26, 2008 17:39 UTC (Tue) by sbergman27 (guest, #10767) [Link]

"""
If you've suddenly decided not to trust that Red Hat and Fedora are telling the truth, what are you going to install?
"""

Good point. It really depends upon how many hours, days, or weeks, one thinks that the "infrastructure issues" have actually been going on. Their carefully worded statement (written by RH Legal and channeled through Paul, IMO) implies that they caught it quickly. If one believes that, then one could simply reinstall and apply only the security related updates. (There is a yum plugin to do that.) As of Aug 25, 2008, they have not released any security updates since Aug 12, 2008 anyway. And I think that we can be reasonably certain that they have expunged the intruders at this time. If the baddies had actually been into their infrastructure for longer, it may make more sense to reinstall... another distro. (I would not be in that camp, though.) The problem, there, is deciding what to install. For servers SLES comes to mind. But I'd trust Novell even less during such a time of crisis. I'm really, really, not one to push Debian. But, in this context, I must admit that I would trust them, more than just about anyone else, to be forthcoming, communicative, and to do the right thing (after a number of absolutely *huge* and entertaining flame wars on their mailing lists) even if it meant damaging their reputation. Viewed from a financial liability standpoint, whereas Red Hat has much to protect, with Debian... well... you can't get blood out of a turnip.

Oh my. I fear that I may have succeeded in offending pretty much everybody with this post. Try to take it in the spirit in which it was intended. :-)

-Steve

