Look at this article: http://www.fudzilla.com/index.php?option=com_content&task=view&id=12...
It describes what happened in 2008 but it's not clear from the title. I know that journalist can write whatever they want but this is misleading information which is not up to date. The title should be " *** got hacked in 2008". Maybe someone from the "higher ranks" should officially demand better clarification in this writing.
Joshua C. wrote:
Look at this article: http://www.fudzilla.com/index.php?option=com_content&task=view&id=12...
It describes what happened in 2008 but it's not clear from the title. I know that journalist can write whatever they want but this is misleading information which is not up to date. The title should be " *** got hacked in 2008". Maybe someone from the "higher ranks" should officially demand better clarification in this writing.
"The hacker got access to the Fedora package signing key and used this to create modified versions of OpenSSH and RPM that would allow access to user passphrases on the build system to secure the package signing key."
All that is completely wrong as well. The reference to OpenSSH might be a confusion with the Red Hat intrusion but the reference to RPM is just totally made up. CC'ing Paul Frields.
Rahul
Rahul Sundaram wrote:
All that is completely wrong as well. The reference to OpenSSH might be a confusion with the Red Hat intrusion but the reference to RPM is just totally made up. CC'ing Paul Frields.
The confusion is actually with the fact that the intruder built custom OpenSSH and RPM packages to run on the machine itself (as per Paul Frields's report), the journalist just didn't understand that those didn't get signed nor pushed to any other machine.
I really hate software news written by non-developers, they almost always get some detail wrong. The only reliable source of information is the project itself. Unfortunately, new users and even some experienced ones tend to trust the press way too much without doing any fact checking.
Kevin Kofler
2009/4/4 Kevin Kofler kevin.kofler@chello.at:
...Unfortunately, new users and even some experienced ones tend to trust the press way too much without doing any fact checking.
Kevin Kofler
This is the reason why I think that a clarification should be demanded. Something did happen in august 2008 and they should clearly point out that these are past events. Software is written by humans and can be cracked by humans. Imagine the following scenario:
I post an artikle in wall street journal titled "Citybank shares drop more than 60 per cent". The shares did lose value but this didn't happen yesterday. It happend some time ago. And you can imagine the impact this headline could have had.
They should apology or clarify the issue.
Joshua C. wrote:
2009/4/4 Kevin Kofler kevin.kofler@chello.at:
...Unfortunately, new users and even some experienced ones tend to trust the press way too much without doing any fact checking.
Kevin Kofler
This is the reason why I think that a clarification should be demanded. Something did happen in august 2008 and they should clearly point out that these are past events. Software is written by humans and can be cracked by humans. Imagine the following scenario:
I post an artikle in wall street journal titled "Citybank shares drop more than 60 per cent". The shares did lose value but this didn't happen yesterday. It happend some time ago. And you can imagine the impact this headline could have had.
They should apology or clarify the issue.
I wouldn't hold my breath.
On 4/4/2009 12:10 AM, m wrote:
Joshua C. wrote:
2009/4/4 Kevin Kofler kevin.kofler@chello.at:
...Unfortunately, new users and even some experienced ones tend to trust the press way too much without doing any fact checking.
Kevin Kofler
This is the reason why I think that a clarification should be demanded. Something did happen in august 2008 and they should clearly point out that these are past events. Software is written by humans and can be cracked by humans. Imagine the following scenario:
I post an artikle in wall street journal titled "Citybank shares drop more than 60 per cent". The shares did lose value but this didn't happen yesterday. It happend some time ago. And you can imagine the impact this headline could have had.
They should apology or clarify the issue.
I wouldn't hold my breath.
It was explained in detail.
https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.htm...
On Saturday 04 April 2009 15:23, David wrote:
On 4/4/2009 12:10 AM, m wrote:
Joshua C. wrote:
2009/4/4 Kevin Kofler kevin.kofler@chello.at:
...Unfortunately, new users and even some experienced ones tend to trust the press way too much without doing any fact checking.
Kevin Kofler
This is the reason why I think that a clarification should be demanded. Something did happen in august 2008 and they should clearly point out that these are past events. Software is written by humans and can be cracked by humans.
They should apology or clarify the issue.
I wouldn't hold my breath.
It was explained in detail.
https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.ht ml
I believe Joshua meant to say that the journalist who published FUD should apologize and clarify what was wrongly published.
:-) Marko