Reflections on RedHat/Fedora compromise

If you’re like me, you’ve heard by now about the weeklong downtime of Fedora infrastructure and today’s formal announcement that Fedora and RedHat’s infrastructure has been breached. After reading more into the details and timeline, I think RedHat/Fedora did everything right, and what happened was simply an unfortunate incident, and the aftermath was handled well.

What I wonder is how many other distros:

(1) Use a FIPS 140-2 hardware crypto signing key to protect key material from compromise

(2) Have as big of an attacker base as Fedora/RHEL

(3) Would’ve caught the breach so quickly

(4) Would’ve restored services so quickly

If there’s one thing to criticize about this whole incident, it’s the lack of details from RedHat. I’d be interested in learning more about the technical details behind this attack, but I bet RedHat is planning legal action that prevents these details from coming out at the moment.

In any case, I’d like to just say that I’ve not lost any trust in RedHat’s information security procedures. If anything, the way this incident was detected and handled has bolstered my trust in those talented folks. Good luck to the team on restoring their services smoothly and bringing justice to the attackers.
