Canonical dismisses Ubuntu security concerns
By Colin Barker
News.com
http://news.com.com/Canonical+dismisses+Ubuntu+security+concerns/2100-1004_3-6202988.html
Story last modified Thu Aug 16 11:38:46 PDT 2007
Concerns over the security of Ubuntu Linux distribution arose this week,
when five out of eight community-run servers sponsored by Canonical had to
shut down. The servers had "started attacking other systems," according to
an Ubuntu newsletter.
The issue first came to light on Saturday when Ubuntu users voiced concern
over a problem with local community (loco) hosted servers.
London-based Canonical moved quickly to minimize the issue and reassure
users that the operating system is secure.
"This is not a problem with our production servers," Gerry Carr, marketing
manager of Canonical told ZDNet UK, sister site of CNET News.com. The issue
was with "loco servers that we pay for, but that do not sit in our data
center." As a result, the security in Canonical's data center was "in no
way compromised by these attacks," Carr said.
While the company "held its hand up" in regard to the problem, it
completely rejected any implication that user security had been
compromised, Carr said.
"Any imputation, and there has been some, that this episode has, or had,
any bearing on our enterprise readiness or the Ubuntu downloads is so
completely wide of the mark as to miss the point entirely," he said. "It
has nothing to do with downloaded copies of Ubuntu; it is separate servers
on a separate network in a separate location."
But the company did accept that the servers had been poorly managed. The
problem arose because the responsibility for security lay "between
Canonical and the community," Carr said.
"Most of the time" this was just as it should be, Carr said, but "server
management is maybe not one of those times."
The issue is one for the community to decide, he said. "Either the loco
servers come into our data center and are subject to our standard, rigorous
security and management or they sit completely outside of it and are run by
the community."
The issue is outlined in detail in an e-mail from Ubuntu's community
manager, Jono Bacon.
================================
George Antunes, Political Science Dept
University of Houston; Houston, TX 77204
Voice: 713-743-3923 Fax: 713-743-3927
antunes at uh dot edu