Linux Foundation Sites Restored - Slashdot

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

×

Linux Foundation Sites Restored 141

Posted by samzenpus on Wednesday January 04, 2012 @09:05PM from the welcome-back dept.

LinuxScribe writes "The Linux Foundation has quietly restored all of the websites it took down following the September 2011 breach that affected Linux.com and all other Foundation websites--an attack that was linked to the August 2011 breach of kernel.org. But one website won't be coming back: the Linux Developer Network, launched in 2008. Content from the site will now be hosted across all of the Linux Foundation's web properties."

This discussion has been archived. No new comments can be posted.

Linux Foundation Sites Restored

Search 141 Comments Log In/Create an Account

Comments Filter:

Re:Not Everything (Score:5, Informative)

by noobermin ( 1950642 ) writes: on Wednesday January 04, 2012 @09:49PM (#38591604) Journal

This is about the Linux Foundation sites, not kernel.org.

Parent Share
twitter facebook
Re:Wow (Score:3, Informative)

by Ramin_HAL9001 ( 1677134 ) writes: on Wednesday January 04, 2012 @10:38PM (#38591966)

These people already have jobs.
Also, Linux is one of the most mission-critical bits of software on the planet, used heavily in finance, internet backbones, and social networking. I'd rather they be overly cautious about bringing their sites back online, than do it hurriedly and let a backdoor exploit go undetected.

Parent Share
twitter facebook
Re:What about a post mortem? (Score:5, Informative)

by julian67 ( 1022593 ) writes: on Wednesday January 04, 2012 @11:33PM (#38592304)

I strongly agree. They promised they would publish an account but so far have failed to do so. On kernel.org they wrote "We will be writing up a report on the incident in the future." but I suppose "the future" in this case translates to "never" or even "mind your own business because it's embarrassing".
They are also still using a signing key which has been publicly stated to be compromised. From http://kernel.org/signature.html [kernel.org]
"The current Linux Kernel Archives OpenPGP key is always posted here, including any revocation certificates which may be outstanding on older keys.
This signature does not guarantee that the Linux Kernel Archives master site itself has not been compromised. However, if we suffer an intrusion we will revoke the key and post information here as quickly as possible."
I find it amazing that after over 4 months this simple act of revoking the bad key has still not been carried out. Even though a signed tarball doesn't guarantee much in the end, the fact that an important organisation can publicly make such a statement and then fail to honour it is actually disgraceful. It's a demonstration of bad faith in itself, and in combination with their failure to be frank about how root was gained on multiple sites and servers, is an indication of untrustworthiness of the most uncomplicated type.
Claiming to be open and honest is in no way a satisfactory substitute for being open and honest.

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

283 commentsShould There Be an 'Official' Version of Linux?
210 commentsIs Wayland Becoming the Favored Way to Get a GUI on Linux?
199 commentsLinux Passes 4% Desktop Market Share
191 commentsHow Red Hat Divided the Open Source Community
188 commentsWhy Desktop Linux Is Finally Growing In Popularity

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (5) All right, who's the wiseguy who stuck this trigraph stuff in here?