Canonical dismisses Ubuntu security concerns
Worries over Ubuntu's security, following shutdown of Canonical-sponsored community-run servers, are misplaced, company says.
The servers had "started attacking other systems," according to an Ubuntu newsletter. The issue first came to light on Saturday, when Ubuntu users voiced concern over a problem with local community (loco) hosted servers.
London-based Canonical moved quickly to minimize the issue and reassure users that the operating system is secure.
"This is not a problem with our production servers," Gerry Carr, marketing manager of Canonical, told ZDNet UK, sister site of CNET News.com. The issue was with "loco servers that we pay for but that do not sit in our data center." As a result, the security in Canonical's data center was "in no way compromised by these attacks," Carr said.
While the company "held its hand up" in regard to the problem, it completely rejected any implication that user security had been compromised, Carr said.
"Any (implication), and there has been some, that this episode has, or had, any bearing on our enterprise readiness or the Ubuntu downloads is so completely wide of the mark as to miss the point entirely," he said. "It has nothing to do with downloaded copies of Ubuntu; it is separate servers on a separate network in a separate location."
But the company did accept that the servers had been poorly managed. The problem arose because the responsibility for security lay "between Canonical and the community," Carr said.
"Most of the time," this was just as it should be, Carr said, but "server management is maybe not one of those times."
The issue is one for the community to decide, he said. "Either the loco servers come into our data center and are subject to our standard, rigorous security and management, or they sit completely outside of it and are run by the community."
The issue is outlined in detail in an e-mail from Ubuntu's community manager, Jono Bacon.
Colin Barker of ZDNet UK reported from London.