A handful of recent online attacks on free and open-source software servers has open-source developers looking over their shoulders.
During the last four months, unknown intruders have breached the security around servers hosting programs and code published by the Linux kernel development team, the Debian Project, the Gentoo Linux Project and the GNU Project, which manages the development of many important programs used by Linux and other Unix-like systems. The attacks have convinced open-source project leaders to take another look at their security. "It is a definite eyebrow raiser that there has been this targeting of open-source servers and core open-source development servers," said Corey Shields, a member of the infrastructure team that oversees the distribution system for Gentoo Linux's code. "The worry is that if someone wanted to be malicious, they could change core software and users could be using corrupted packages."
Although the open-source model has led to immense progress in developing a competing operating system to Microsoft's Windows--long a target of hackers--it now seems to be a magnet for attackers itself. In a sort of backhanded compliment, attackers are aiming at the Linux OS and other open-source applications because of the software's popularity. Even developers who believe they've adequately secured their development systems are looking at the trend with some trepidation. "It is one of those things where you have to hope you are not next and try to be one step ahead of the bad guys," said Jeremy Allison, co-founder and developer of the Samba Project, the programming effort for the popular open-source file server that seamlessly fits into Windows networks.
News source: C|Net News.com