Just pointing out the double standards of how it is viewed for no logical reason other then "it's bad when it happens to others but when it happens to our faction it is acceptable".

It has nothing to do with free vs closed, os vs os, it does however have everything to do with being prepared and not letting "bush league" administration practices effect public perception by any for/against faction. It's just bad administration and deployment, period.

Summary: deanjo is disappointed that there hasn't been a big backlash due to the lenghty downtime of linux.org. As a bsd proponent he has a dislike for Linux and perhaps more towards Linus due to a (admittedly shitty) remark where bsd developers where compared to masturbating monkeys. As such he wants this breach to reflect as badly as possible on Linux as a whole. *yawn* more bsd<->linux zelot mudslinging...

Sorry but you are assuming that every server system @ apple.com/ microsoft.com / amazon.com / store CC information and the likes and that is the farthest thing from the truth. Do you know for a fact for example that the linux foundations funding information for example has not been compromised?

Yes, but such information wasn't present. That is one of the reasons why the two situations are so different. The practical impact of a security breach at the Linux servers is small. The practical impact of a similar security breach at the Microsoft or Apple servers would be massive. So saying that people would be hypocritical for being more upset at an Apple or Microsoft security breach than this one ignores the difference in impact the events would have.

It is like saying people would be hypocritical to be more concerned about a fire at huge apartment complex with hundreds of apartments than one at a single-family home. The potential impact of one is much greater than the other, even though both are bad.

And they would be right in doing so.
It is more than just embarrassing. Also a lot of people said that there was no danger anyway since the linux kernel sources are managed via git. Yeah but these people obviously forgot that kernel.org was also hosting packages for at least Arch Linux.

I respectfully disagree. If it is maintained as a "hobby" that is a problem and a serious one at that. Like it or not it does leave a bad impression to have associated "banner" web sites for your product to go down for extended periods of time especially when it served as a mirror for many distro's. Those sites were getting 100k plus hits a day all the way back in 1999 and has grown considerably since then.

Besides, it's probably maintained more as a hobby by some kernel developers, and they have other things to do. And --OSS and distributed development FTW-- linux.org is not really that important to have for us compared to microspf.com or aple.com for them.

One could argue that linux.com/kernel.org lacked such a person. Gotta be careful with statements like that.

Not saying that Apple nor MS haven't had their issues as well, however it has not taken them a month+ to get those services running. Remember is was Linus himself that chose to start calling down others on their security mindedness with his "masturbating monkeys" comments a few years back. It looks like now and only after that they were compromised that security has once again become an issue that requires a bit more attention "then anything else".

It could have been just as easy to get that information had such information been present.

They could have just as easily addressed the immediate issue and kept going with the old system until the replacement was ready.

I'm sure they would, but Microsoft and Apples customers would likely feel much more at ease than if they were rushing it. Chances are however that having Microsoft's/Apple's main servers compromised could cause serious reprecussions for their customers, with updates/registering and whatnot. It's not as if either of them would just move their source tree to github and say 'pull from here now' and just continue development, and given that linux development is going full force I don't see any harm in kernel.org taking their time to get back online (which obviously is delayed due to planning/implementing of new security principles). Chances are the reopening of kernel.org will coincide with 3.1 being released.

Microsoft could try to spin this if they liked, but all it would manage is poisoning the well with any remotely-competent IT person. It's not like the stakes in a complete security audit are an unknown or something. It's an apples to oranges comparison if their scenario is anything but "someone with commit access to our operating system was social-engineered into compromised credentials and may have inserted malignant code", and in the first place neither Apple nor MS have a sterling record they can boast in contrast (and don't think they don't know it)

If they (any of them) somehow managed to...say, lose tens of millions of users' personal information (i.e. "Pull a Sony") I'd be all for laying into them, but that's not the scenario. Taking time and being careful while still developing the kernel? That earns my respect. From where I sit, their response was actually pretty on the ball, and it'll be relatively simple to turn git into the star of this show when it's all done.