Quote Originally Posted by Wyatt View Post
Microsoft could try to spin this if they liked, but all it would manage is poisoning the well with any remotely-competent IT person.
One could argue that linux.com/kernel.org lacked such a person. Gotta be careful with statements like that.

It's not like the stakes in a complete security audit are an unknown or something. It's an apples to oranges comparison if their scenario is anything but "someone with commit access to our operating system was social-engineered into compromised credentials and may have inserted malignant code", and in the first place neither Apple nor MS have a sterling record they can boast in contrast (and don't think they don't know it)
Not saying that Apple nor MS haven't had their issues as well, however it has not taken them a month+ to get those services running. Remember is was Linus himself that chose to start calling down others on their security mindedness with his "masturbating monkeys" comments a few years back. It looks like now and only after that they were compromised that security has once again become an issue that requires a bit more attention "then anything else".

If they (any of them) somehow managed to...say, lose tens of millions of users' personal information (i.e. "Pull a Sony") I'd be all for laying into them, but that's not the scenario.
It could have been just as easy to get that information had such information been present.

Taking time and being careful while still developing the kernel? That earns my respect. From where I sit, their response was actually pretty on the ball, and it'll be relatively simple to turn git into the star of this show when it's all done.
They could have just as easily addressed the immediate issue and kept going with the old system until the replacement was ready.