HiThere: "Then they dropped the professional edition without ANY warning."
Yikes, you weren't paying much attention at that time, as I was only using RH at home to tinker with and was WELL AWARE of the warning and timelines when that happened.
Uhm, no, if someone hacks THEY must make the details known, but not the person who was hacked (it's not a derivative work YOU produced). Of course given the obvious sarcasm, it is an interesting sticky situation, and we all know someone isn't going to release their own hacked source (at least until it's been fixed).
Red Hat was not 'unresponsive' in this issue, they clearly stated their systems were compromised, users' systems were not due to the lack of compromised packages in the mirrors, and the procedure being undertaken to make sure none of the mirrored packages are compromised in the future using signing keys that may have been compromised (i.e. replacing the entire signing key and re-signing every single package). How exactly is that being unresponsive? It tells an administrator every fact they need: are my own systems compromised, how do I verify that, and how do I know they will not be compromised in the future due to this issue.
The security breach details of the Red Hat servers are not something an administrator needs to know in order to trust that Red Hat made an appropriate decision regarding this breach. If you feel you need to know every tiny detail in order to trust the company, you are in a sad state of affairs... because you do not trust anyone at all and never will; that level of disclosure simply does not exist with any outside vendor company, software or hardware, and will not, and if you think you're getting it from anyone you are deceiving yourself.
You conveniently neglect the fact that the available pool of attackers, and users, and sites that may play host to exploits... is increasing at an astounding rate. The fact that Opera and Firefox attacks are increasing cannot be proven as correlated with the relative security of FF/IE/Opera. The number of attacks and security flaws identified will *naturally increase* as the community of computer users expands around the world.