Regrettably, several rather nasty security holes were reported almost
immediately; see the "RedHat errata update" entries from Monday and
Tuesday at freshmeat.net.
Before our friends from Microsoft get too cocky about this, I'll make
one point in mitigation: It's not fair to blame these particular
flaws on the open source development model, simply because RedHat
didn't develop this release in a really open way --- there was
actually some surprise on, e.g., Slashdot when the release date was
announced, because there had been no public betas, a break from
RedHat's previous practice. And when an open release *was* made (a
bit late, regrettably), the problems got diagnosed and fixed very
quickly.
rst
PS --- on the security tip, for more info on the flaws Bruce Schneier
found in Microsoft's PPTP implementation, there's a full technical
writeup on Schneier's own web site, www.counterpane.com, and it is, if
anything, worse than you'd guess from articles in the trade rags.
In effect, the key generation and exchange *protocols* are broken
badly enough that no interoperable implementation can be really
secure.