Security Incident on FreeBSD Infrastructure

[rolf]

I guess BSD is not Linux but similar enough.

http://www.freebsd.org/news/2012-compromise.html

It's sobering to see the vulnerabilities in FOSS development and distribution. I thought the following posts made good points:

http://lists.freebsd.org/pipermail/free ... 02595.html

http://www.linux.com/news/featured-blog ... -kernelorg

[viking60]

Sobering indeed - I guess BSD is interesting because it is the foundation of OSX. FreeBSD has had a good reputation as a server - so far. The Linux kernel is handled in Git so it will not be possible to inject anything there without others knowing. And It is now discussed for FreeBSD too - that seems sensible.
But there is no reason to feel completely invulnerable. The best way to avoid this stuff is to know your system - and I thought those FreeBSD guys did!

I think this means that Linux servers are more secure than FreeBSD. But I am sure the BSD guys will fix this. It is very interesting how long it toke before they discovered that the servers were compromised.

[rolf]

Sobering indeed - I guess BSD is interesting because it is the foundation of OSX. FreeBSD has had a good reputation as a server - so far. The Linux kernel is handled in Git so it will not be possible to inject anything there without others knowing. And It is now discussed for FreeBSD to - that seems sensible.
But there is no reason to feel completely invulnerable. The best way to avoid this stuff is to know your system - and I thought those FreeBSD guys did! ...

In some of the links to the freebsd list where I first saw this story, http://www.dslreports.com/forum/r277367 ... ity-breach you can see resistance to change in the developer ranks. I think there might be parallels to how POK et al are against some changes coming from transition to OpenMandriva https://ml.mandriva.com/wws/arc/cooker/ ... 00062.html
I love a good food fight!

[viking60]

Oh boy! If it really toke two months then that is way to long. ...Good fight there