[go: up one dir, main page]
|
|
Log in / Subscribe / Register

Fedora, Red Hat, and distributor security

Fedora, Red Hat, and distributor security

Posted Aug 26, 2008 19:07 UTC (Tue) by OLPC (guest, #47981)
Parent article: Fedora, Red Hat, and distributor security

Note it can be very time consuming to figure out exactly how far/what was vulnerable in a compromise.

Depending on the precise circumstances it may be quick, or very slow to be able to come to a final conclusion on happened....

When freedesktop was compromised, it was several months before the *last* project hosted there verified that no source had been tampered with, and we could finally conclude it was extremely likely the compromise was just a spammer attracted to a fast machine on a gigabit/second link. Everything important was up within a week or so. In the RH/Fedora case, they are in a much worse situation.

So your milage will vary....

to post comments

Trust: Fedora, Red Hat, and distributor security

Posted Aug 28, 2008 19:57 UTC (Thu) by jcvw (subscriber, #50475) [Link]

Your mileage may vary a lot...
You cannot ever trust what you get, not even when you recompile yourself, not even when recomiling gcc.

Don't forget Ken Thompson's Turing award lecture...

See http://cm.bell-labs.com/who/ken/trust.html


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds