Language Selection

English French German Italian Portuguese Spanish

Red Hat Infrastructure report

Filed under
Linux
Security

Last week we discovered that some Fedora servers were illegally
accessed. The intrusion into the servers was quickly discovered, and the
servers were taken offline.

Security specialists and administrators have been working since then to
analyze the intrusion and the extent of the compromise as well as
reinstall Fedora systems. We are using the requisite outages as an
opportunity to do other upgrades for the sake of functionality as well
as security. Work is ongoing, so please be patient. Anyone with
pertinent information relating to this event is asked to contact
fedora-legal redhat com

One of the compromised Fedora servers was a system used for signing
Fedora packages. However, based on our efforts, we have high confidence
that the intruder was not able to capture the passphrase used to secure
the Fedora package signing key. Based on our review to date, the
passphrase was not used during the time of the intrusion on the system
and the passphrase is not stored on any of the Fedora servers.

While there is no definitive evidence that the Fedora key has been
compromised, because Fedora packages are distributed via multiple
third-party mirrors and repositories, we have decided to convert to new
Fedora signing keys. This may require affirmative steps from every
Fedora system owner or administrator. We will widely and clearly
communicate any such steps to help users when available.

More Here




Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Digia spins off Qt as subsidiary

Digia has spun off a subsidiary called “The Qt Company” to unify Qt’s commercial and open source efforts, and debuted a low-cost plan for mobile developers. The Linux-oriented Qt cross-platform development framework has had a tumultuous career, having been passed around Scandinavia over the yearsfrom Trolltech to Nokia and then from Nokia to Digia. Yet, Qt keeps rolling along in both commercial and open source community versions, continually adding support for new platforms and technologies, and gaining extensive support from mobile developers. Read more

Qubes: The Open Source OS Built for Security

No matter how good the code review process is, or how high the standards for acceptance, applications will always have bugs, says Joanna Rutkowska, founder and CEO of Invisible Things Lab. So will drivers. And filesystems. “Nobody, not even Google Security Team, can find and patch all those bugs in all the desktop apps we all use,” Rutkowska says in the Q&A interview, below. Read more

KDE Developer Says Community Managers Are a Fraud and a Farce

KDE developer Aaron Seigo is a very outspoken person and he is known for his strong opinions. He recently proposed for public debate a very heated and interesting subject about the role of the community managers for the open source project. He thinks that the community managers' role, as they are working today on various projects, is actually a fraud and a farce. It's unclear what determined him to make this statement, but he knew right from the start that it was going to rile up the community and various community managers. Read more

RadeonSI Gallium3D vs. Catalyst At 4K UHD On Linux

The open-source driver stack tested was with the Linux 3.17 Git kernel while using the Oibaf PPA to upgrade to Mesa 10.4-devel for the latest RadeonSI and LLVM AMD GPU code. The closed-source driver was the fglrx 14.20.7 / OpenGL 4.4.12968 Catalyst release. When running the Catalyst binary blob we had to downgrade from Linux 3.17 to Linux 3.16 for kernel compatibility. All tests were done from the Intel Core i7 5960X system running Ubuntu 14.10. Read more