I was actually browsing through the Freedombox site to look at the project and when I clicked on one of the links to the Linux Foundation I received the breach notification that now reads (Condensed Version):
“Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. The Linux Foundation made this decision in the interest of extreme caution and security best practices. We believe this breach was connected to the intrusion on kernel.org.”
They make the statement of “..security best practices”. If they were using security best practices should they have been breached to begin with? My hope is if and when they discover what happened is that in the interest of Open Source is that they would offer full-disclosure on the details of the incident so the Linux community can learn from the mistakes that appears to have affected kernel.org and now the Linux Foundation.
What I find interesting is that as a result of the kernel.org breach, Linux Torvalds has moved the Linux Kernel project to GitHub. So I’m wondering what assurance Linus feels that GitHub will give him that kernel.org could not? It really comes to is that they have not been breached yet.