non-disclosure of infrastructure problem a management issue?

[Jeffrey Tadlock]

On Thu, Aug 21, 2008 at 3:58 PM, Bjørn Tore Sund <bjorn.sund at it.uib.no> wrote:
> It has now been a full week since the first announcement that Fedora had
> "infrastructure problems" and to stop updating systems. Since then there has
> been two updates to the announcement, none of which have modified the "don't
> update" advice and noen of which has been specific as to the exact nature of
> the problems.

The vague don't update your systems portion has been the most
frustrating thing for me so far.  As a Fedora contributor I can handle
the infrastructure systems being down.  And despite the lack of
transparency behind this - I know there are many people on the
infrastructure team that care as much about openness and transparency
as I do - if not more.  So the fact they aren't jumping up and down
means there must be other factors at play that they simply cannot
disclose for some reason.  I trust them, so I trust those decisions.

With that said - I think the users needed to know a lot more - maybe
not specifics of the situation, but at least things they might need to
do to repair or know whether they can trust their systems.  The
vagueness of announcement emails has done a disservice to Fedora
users.  Saying do not update your systems and providing no details of
what is meant by that in a weeks time is difficult to excuse.  What if
a user did update before seeing the announcement?  Is their system to
be trusted?  Is it safe?  Should they reinstall, remove bad packages?
What steps should they be taking if they might have updated before
seeing the announcement?

A week is a long time to go not knowing just how safe your system or
what it might have been exposed to or even whether it is safe to trust
updates again.

~Jeffrey