On Wed, 26 Nov 2003 00:07:05 -0800 Tom <[EMAIL PROTECTED]> wrote:
>
> Paul Johnson wrote:
>
> >Non-issue if you don't use Windows.
>
> This is totally piling on, but given this recent security compromise,
> I think the whole Linux community needs to reevaluate its "can't
> happen here" mentality. I don't care if it's social engineering or
> I-Love-You, if the world comes to an end, that's A Bad Thing.
>
> It's only going to get worse as Linux gets more popular. There were
> dozens of Microsoft disasters before the mainstream press and the
> general public noticed. Linux is long overdue for a major security
> black eye. It's going to suck when it happens.
>
> I think all Linux devs, from Linus on down, need to stop and think
> very seriously about what can be done to preemptively mitigate the
> inevitable embarrassments which are sure to come (soon).
>

Agreed. It's not just SCO and M$ that are potential invaders (Microsoft personnel were turning up at the KDE stand at COMDEX asking lots of questions, and were very interested, apparently); we now have corporate enterprise moving in on the Linux market. Why do they need to have a large developer payroll when they have the entire Debian community to do the job for them? All they have to do is crack the Debian servers at the right time and their work has been done for them.
Novell is offering financial enticement, depending on the project, up to $2500.00 for moving the Gaim buddy list over to Evolution, so they are obviously going after the desktop market, and the competition factor is going to be up there.

What I'm trying to say is that there are more than a few crackers doing it because they can. Linux is getting a commercial aspect and recognition to the point where entire countries are switching to Open Source, commercial distros are getting frightened, and fear breeds aggression, and that means changes that we are better finding hacks to compensate for before they occur.

We also need to perhaps tighten up within the mail list community. Just being aware is a good start; look for a lot of noise combined with experience. Increase security in the form of layers the further into the community somebody gets. I'm not just talking about key signing. If you know your way around the street, I.D. is easily faked.

Debian has a name for security. Our servers could have been compromised for no other reason than to destroy that reputation, but we have earned that name because we have the abilities to create a secure programme. Perhaps if we looked on the community as a programme, and applied security measures according to that viewpoint?

Thoughts?

Regards,

David.