
Debian Community Security, was Re: recommended Virus Scanner?



On Wed, 26 Nov 2003 00:07:05 -0800
Tom <tb.31123.nospam@comcast.net> wrote:

> > Paul Johnson wrote:
> > >Non-issue if you don't use Windows.
> 
> This is totally piling on, but given this recent security compromise,
> I think the whole Linux community needs to reevaluate its "can't
> happen here" mentality.  I don't care if it's social engineering or
> I-Love-You, if the world comes to an end, that's A Bad Thing.
> 
> It's only going to get worse as Linux gets more popular.  There were 
> dozens of Microsoft disasters before the mainstream press and the 
> general public noticed.  Linux is long overdue for a major security 
> black eye.  It's going to suck when it happens.
> 
> I think all Linux devs, from Linus on down, need to stop and think
> very seriously about what can be done to preemptively mitigate the
> inevitable embarrassments which are sure to come (soon).
> 
Agreed.
It's not just SCO and M$ that are potential invaders (Microsoft
personnel were turning up at the KDE stand at COMDEX asking lots of
questions, and were very interested, apparently), we now have corporate
enterprise moving in on the Linux market, why do they need to have a
large developer payroll when they have the entire Debian community to do
the job for them? All they have to do is crack the Debian servers at the
right time and their work has been done for them. 

Novell is offering financial enticement, depending on the project, up to
$2500.00 for moving the Gaim buddy list over to Evolution, so they are
obviously going after the desktop market, and the competition factor is
going to be up there.

What I'm trying to say is that there are more than a few crackers doing
it because they can, Linux is getting a commercial aspect and
recognition to the point where entire countries are switching to Open
Source, commercial distros are getting frightened, and fear breeds
aggression, and that means changes that we are better finding hacks to
compensate for before they occur.

We also need to perhaps tighten up within the mail list community. Just
being aware is a good start, look for a lot of noise combined with
experience. Increase security in the form of layers the further into the
community somebody gets. I'm not just talking about key signing. If you
know your way around the street, I.D. is easily faked.
Debian has a name for security, our servers could have been compromised
for no other reason than to destroy that reputation, but we have earned
that name because we have the abilities to create a secure programme.
Perhaps if we looked on the community as a programme, and applied
security measures according to that viewpoint?
Thoughts?
Regards,

David.



