Someone in China or Russia? Apache is so vital to corporate and even government operations that compromising the code base could have huge financial and/or intelligence implications. I'm sure that there are Apache behind security barriers, and using it to gather information and send it elsewhere would be greatly prized. Just guessing...
Serious Question (Score:3)
Does anyone have any thoughts as to why Apache would be targeted like this?
Apache doesn't exactly garner bad blood from shady groups. Big corporations and governments have too much to lose by attacking Apache this way. I could understand an attempt by organized crime or a blackhat organization to secretly insert a back door into the Apache code base, but this was too heavy-handed to even consider being a secret attempt.
The whole thing is weird.
Re: (Score:1)
Re: (Score:2)
I imagine, though, that with such an attempt as this, a freeze on downloads and a code audit would be in order for the next few months.
Re: (Score:4, Funny)
My first reaction was that we should set up a huge department-level bureaucracy, let's call it the "Department of HTTPD Security" (after the Apache server's process name HTTPD). This department will get lots of funding and quickly hire many people. Due to the short time period these people will certainly not be the best, or even very good, at security, but this is an emergency so we'll gloss over that. The Department will subsume and take over several other large and already successful security agencies li
Re:Serious Question (Score:3, Insightful)
You really think my reaction is way overblown? So you're saying a code audit shouldn't happen? Maybe a few months is too long but some sort of audit should happen and it should be done by the people who, you know, maintain the actual code.
Take your sarcasm somewhere else. A code audit is not unreasonable given the situation.
Re: (Score:2)
Hahaha defensive much?
Do you see any similarity between my description and any real life over-reactions?
Department of HTTPD Security. D.H.S.
A code audit would be a very good idea.
Re: (Score:2)
Sorry, this is Slashdot. I've been getting a lot of sarcasm and taking a lot of heat lately for my position on various subjects.
Yeah, I do.
(: