[LINK] Re: Security Micro-HowTo vs. Adam's generalised Red Hat critique

Adam Todd adam@todd.inoz.com
Wed, 16 Feb 2000 09:50:47 +1000


>What do you mean "the Red Hat kernel"?
>
>Redhat uses a standard Linux kernel with a few patches applied.

Seems to be the case.

>Some of these patches are from Redhat, others are from developers who
>maintain them in parallel to Linus' kernel development.

Yep.

>All the patches are public, so your libelous suggestion that RedHat 
>is deliberately inserting vulnerabilities into their product is
>quite ridiculous.

Problem is I can and have been able to get into R/H systems even with
ipchains and most port services closed.  It only needs a visible IP address.

As I've already said, give me a letter of authority and an IP address in
your subnet and I'll demonstrate.

As to libelous, come on.  People bag MS and never give it a second
consideration.  If we get down to calling a personal or professional opinion
against or for a product libelous, then we might as well all shut up now.
You won't be able to talk about flowers in someone's garden for fear they
might sue you!

>I've seen some pretty weird operating system advocacy, but this really
>takes the cake.

Problem is Red Hat itself has some nice features.  I'm not against Red Hat
from an operational point of view, only a security point of view.