Forgot to add one thing...

Story: Mozilla spreads malware rather than security
Total Replies: 10
thenixedreport

May 09, 2008
12:13 AM EDT
He should have added a question mark to the end of the title of his article. It turned out that the author of the language pack had an infected computer, hence the file he uploaded having a virus in the first place.
gus3

May 09, 2008
12:38 AM EDT
I disagree. This represents a serious slip in package release management for the Mozilla Project. One of their big selling points has always been "fewer holes and faster fixes" (than MSIE by implication). Three months is an outrageous amount of time for an undetected malware payload in an Open Source project.

Hopefully the project leads will put their heads together and implement a comprehensive policy for malware scanning. When they can show system logs indicating consistent policy conformance, it will raise the standard for openness in FOSS development.
bigg

May 09, 2008
4:44 AM EDT
I agree, gus, this is extremely sloppy on the part of Mozilla. As I look at all of the security precautions that are taken with other FOSS projects, this is shocking. And it's a darn shame too. Mozilla is a prominent FOSS project, so any of their screwups will reflect badly on the entire FOSS community.
helios

May 09, 2008
5:01 AM EDT
You can bet there will be bales and bales of hay made of this...

h
tracyanne

May 09, 2008
5:02 AM EDT
There have been already, read the comments at the end of the article.
Bob_Robertson

May 09, 2008
5:07 AM EDT
Would an automatic (ClamAV?) virus scan after uploading have found it?

I fully understand the disgust, and three months seems a long time unless simply no one connected the infection with the language pack download.

Sander_Marechal

May 09, 2008
8:45 AM EDT
@Bob: From what I read, Mozilla already has a virus scanner in place. But it didn't detect the virus on upload. Perhaps periodic rescanning of all the files should be done (e.g. once after each AV update).
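An illustration of the rescan-after-each-AV-update policy Sander_Marechal suggests, added here as example code (not anything from LXer, Mozilla or the commenter). The upload store records which signature DB version each file was last checked with and rescans only the stale ones when the DB changes; the scanner, signature versions and file contents are constructed stand-ins.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# A scanner gets the file bytes and the signature DB version in force and
# returns the matched malware name, or None if nothing known matches.
Scanner = Callable[[bytes, str], Optional[str]]

@dataclass
class Upload:
    name: str
    data: bytes
    scanned_with: str            # signature DB version at the last scan
    verdict: Optional[str] = None

@dataclass
class UploadStore:
    scanner: Scanner
    sig_version: str
    files: Dict[str, Upload] = field(default_factory=dict)

    def add(self, name: str, data: bytes) -> bool:
        """Scan once at upload time; reject the file if it is flagged."""
        if self.scanner(data, self.sig_version) is not None:
            return False
        self.files[name] = Upload(name, data, self.sig_version)
        return True

    def signatures_updated(self, new_version: str) -> List[str]:
        """Rescan files not yet checked with the new DB; return names now flagged."""
        self.sig_version = new_version
        flagged = []
        for up in self.files.values():
            if up.scanned_with == new_version:
                continue                      # already checked with this DB
            up.verdict = self.scanner(up.data, new_version)
            up.scanned_with = new_version
            if up.verdict is not None:
                flagged.append(up.name)       # pull it and review download logs
        return flagged

def demo() -> List[str]:
    # Constructed signature DB: v1 knows nothing, v2 adds one byte pattern.
    sigs = {"v1": {}, "v2": {b"MALWARE-MARKER": "Example.Trojan"}}
    def fake_scanner(data: bytes, version: str) -> Optional[str]:
        return next((n for p, n in sigs[version].items() if p in data), None)

    store = UploadStore(fake_scanner, "v1")
    store.add("langpack.xpi", b"<xpi>MALWARE-MARKER</xpi>")  # passes under v1
    return store.signatures_updated("v2")                     # caught under v2
```

The upload-time scan passes the file because the v1 database has no matching signature; only the rescan triggered by the v2 update catches it, which is exactly the window a scan-once-on-upload policy leaves open.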
tracyanne

May 09, 2008
2:09 PM EDT
This demonstrates one truism: a system that needs to rely on virus scanners for its security is already broken.

On the other hand, Mozilla will need to be very open about what they are doing to stop this recurring.
thenixedreport

May 09, 2008
7:57 PM EDT
Keep in mind it was because the author of the language pack managed to let their machine get infected. The title on its own implies that Mozilla did this on purpose, which is misleading.
gus3

May 09, 2008
8:20 PM EDT
@tracyanne:

I trust the system you're talking about is the Redmond OS, and not the Mozilla development methodology?
tracyanne

May 09, 2008
11:29 PM EDT
Well yes I am.
