What should the Linux Mint developers do to regain the trust of users?
The recent hacking of the Linux Mint site has drawn an enormous amount of media attention and has shattered the faith of some users. What should the developers of Linux Mint do to regain the trust of the folks who use their distribution?
This topic came up in a thread on the Linux Mint subreddit and redditors there weren't shy about sharing their opinions.
Chucks launched the thread by asking his question:
The thing is no matter how you look at it or how much you blame the Mint team for what happened, the results were pretty serious and there was a ton of bad press.
How should Mint approach the situation to minimize damage? Do they need to do anything or is "can happen to anybody" enough?
I hope they figure it out and can continue their success story.
Other Linux Mint users chimed in with their thoughts:
Jpaek1: "I imagine do the same as anyone after a hack. Be honest and open about the issue and vow to do better in the future and prove it by actually doing better. I think it's obvious that security needs to be better. Hopefully they can get some kind of security fix posted for those running the infected installs, though I honestly don't know if that is possible or not, though I would assume it is."
And not to downplay the issue, but hacks like this are going to happen. Even large corporations and companies like Sony have been breached multiple times. If someone wants in bad enough, they'll eventually find a way in.
In terms of attacks, this one wasn't nearly as bad as it could have been. Bad but not catastrophic.
Widby: "I still trust Linux Mint and I have no doubts the team will address the issue of site security adequately. The distro itself is still as good as it always was.
I think the ISOs need to be digitally signed, not just hashed. This is what I expect to be among their list of measures."
Conzerak: "Obviously they need to harden their website and reach out to the people who were compromised. This is disappointing news but I do not intend to start dumping my many Mint installations. I left the Windows world for Mint and I'm just very happy with Mint for quite some time. I would rather the Mint guys take this as a wake-up call and fix the issues... but I am still firmly in their corner... though I am watching this as it develops."
Multia-z: "I disagree the results were pretty serious... but there was a ton of bad press, far, far more than one would have expected for a small Linux distro. And so much vitriol in that bad press, most of it coming from the Linux community, which actually falls back on the whole Linux community; many potential users or starters in Linux will be running back to MS no matter which distro they were thinking about. Not because Mint was hacked but because the Linux community acted like sharks having a feeding frenzy on an injured member of their own kind."
RAngerm2: "Honestly, there's not much that can be done. Anything can be hacked, and all they can do is toughen their security, be honest and open about what they've done to toughen it, and perhaps invite a trusted 3rd-party to confirm it."
TheAtheistOtaku: "This is such a huge overreaction I feel sorry for the Mint team. 99% of users are unaffected by this but with all the press and crap you would think the 99% are the ones affected. But bad press is usually louder than good press, unfortunately."
Captainslow: "They should start taking security much more seriously. And not just on their website. For a while now I've been reading the occasional comments on Linux-related subreddits that trash Mint as being a distro put together by people who are likely in over their heads (due to the massive popularity Mint has gained). It may have started as a hobby or fun project for Clem and his team. But by now, rightly or not, it's a hugely popular distribution.
The Mint team needs to recognize this fact and act accordingly. Put the people and structure in place necessary for being a serious distribution. When people, especially noobs, are depending on Mint for their computing needs they are trusting the Mint team to know what they're doing. That trust has been rocked at least a little bit by the website hack."
Sudoismyname: "I use Mint on my desktop and laptop. To regain my trust all they have to do is fix their current site security issues. I haven't wiped and installed something else or even spent 10 seconds worrying about it since it doesn't affect me or my system.
I do like the conversation about distributing distros that this has generated. The idea of PGP-signed images sounds good to me, hopefully Mint will adopt that."
Masterpooter: "I honestly don't care that they got hacked. If MAJOR corporations like Sony can get hacked, then of course a small organization like the Mint team can get hacked. Corporations like Sony deal with shit like corporate espionage. I'm sure that they had great security when they got hacked."