There's a nice article here on setting up the LAMP stack on Fedora (or its relatives, Red Hat Enterprise Linux and CentOS):
What I'm left wondering is why someone should need a username and password to comment on a blog post on their sites. Do they have a reputation system? Does it really prevent spam? Or is it just to gather a list of email addresses that they might sell later? There must be a better way to accomplish the little functionality that their login requirement provides. Especially now that they have to deal with the fact that their login system was not secure.
There are two primary reasons to require logins:
1) A registration system with a captcha is highly effective at preventing spam on your blog comments or forum posts.
2) To a greater or lesser degree, it prevents people from impersonating you. Sure there are ways to trick this (create a username that's one lookalike character off, etc.) but on the whole it makes it easier to recognize who you're talking to.
My first experience with Linux was Red Hat 6.2. I installed it on some leftover hardware I had lying around after an upgrade and followed a HOWTO I found on the web to install an Action Quake 2 server. It ran for six months without a reboot until I had to take it home for the summer.
I'd like to set the record straight on your comments about the "other high profile distro" that "let attackers actually sign some rogue packages with their private key". This is verifiably false on all points.
The full description of how this attack took place is available here: https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html
No software vulnerability was exploited. It was a classic case of social engineering. A hacker was able to gain access to an ssh key providing access to the build infrastructure and uploaded a set of modified packages. They were designed to snoop for the passwords necessary to use the signing server. The intrusion was detected and repaired before any infected packages were signed.
Please do at least a trivial amount of homework before throwing about accusations.
The failing of the first distribution was in their insistence upon forking a private copy of the crypto libraries that the community at large refused to even look at, which is why the error went undiscovered for so long. This was a failure of the developers to follow the core tenets of collaborative development, and should serve to prove the effectiveness of community development rather than imply that open-source is somehow less secure.
To the systems programmer, users and applications serve only to provide a test load.