A friend of mine sent me this link:
http://linux.slashdot.org/story/09/07/30/130249/CentOS-Project-Administrator...
I went to the main page and read the letter and the "Facts." Are there any more details, mainly along the lines of CentOS sticking around - I know you folks all work really hard on this, and you know better than me how many others depend on you - but - there's that little specter of doubt yelling in my virtual ears (has to yell 'cuz it's really tiny) and I'd like nothing better (well, almost) than to gag it.
Thanks for all you do, and for keeping us all informed.
mhr
MHR wrote:
A friend of mine sent me this link:
http://linux.slashdot.org/story/09/07/30/130249/CentOS-Project-Administrator...
I went to the main page and read the letter and the "Facts." Are there any more details, mainly along the lines of CentOS sticking around - I know you folks all work really hard on this, and you know better than me how many others depend on you - but - there's that little specter of doubt yelling in my virtual ears (has to yell 'cuz it's really tiny) and I'd like nothing better (well, almost) than to gag it.
Thanks for all you do, and for keeping us all informed.
I just updated the Facts box on the front page of www.centos.org
Hopefully this addresses some of the community concerns.
At this point in time, Lance has not attempted to contact any of the Open Letter signers.
Thanks,
.dn
On Thu, Jul 30, 2009 at 12:53:03PM -0700, MHR wrote:
A friend of mine sent me this link:
http://linux.slashdot.org/story/09/07/30/130249/CentOS-Project-Administrator...
I went to the main page and read the letter and the "Facts." Are there any more details, mainly along the lines of CentOS sticking around - I know you folks all work really hard on this, and you know better than me how many others depend on you - but - there's that little specter of doubt yelling in my virtual ears (has to yell 'cuz it's really tiny) and I'd like nothing better (well, almost) than to gag it.
Thanks for all you do, and for keeping us all informed.
There is no reason to worry that the CentOS project will be going anywhere. The people that do all the heavy lifting have bee, and will continue to be involved. This is more of an administrative flap than anything... it doesn't sound like Lance has been a part of the CentOS daily operations in a very long while either.
CentOS will be just fine..
Just a couple of questions - are the code distribution methods locked down to prevent malicious tampering from someone who may be interested in selling access to millions of computer systems? Centos is very pervasive in hosting companies around the world. Has Lances access been restricted, to prevent injection of malicious code?
My suggestion is to move on - get a new domain name and implement all of the safeguards you have described in various blogs and posting to avoid this in the future.
_pinto
On Thu, Jul 30, 2009 at 05:27:27PM -0400, Phil Pinto wrote:
Just a couple of questions - are the code distribution methods locked down to prevent malicious tampering from someone who may be interested in selling access to millions of computer systems? Centos is very pervasive in hosting companies around the world. Has Lances access been restricted, to prevent injection of malicious code?
ISO images are usually MD5 sum'd (or similar) and signed on most distros, and source code patches are typically visible to multiple people as part of the submission process. Source patches have to go upstream to be ultimately integrated into the CentOS distro.
So the possibility of "vandalism" in these circumstances - eg. a known individual with access and high visibility, are very unlikely to be attempted and even more unlikely to succeed.
I fear that making this kind of speculation, ascribing
potential< acts of vandalism to unamed but clearly
identified specific persons, have only one major effect, to make a sore subject and the relationships of those involved even worse.
We have only one issue that needs resolution and it is being handled by the people closest to the issue. The safety and continuance of CentOS is already assured and not in question.
Hopefully we can refrain from this kind of Hype-driven scenario generating.
After all - We aren't journalists. :-)
The CentOS source is safely stored in multiple places including an upstream North American Enterprise level vendor.
Truly we don't need to be concerned about its purity. The existing developers and multiple other code holders have taken care of that.
Jeff Kinz.
-
donavan nelson -
jkinz@kinz.org -
MHR -
Phil Pinto -
Ray Van Dolson