Infrastructure update link (LATE)

Paul W. Frields stickster at gmail.com
Fri Aug 22 21:22:48 UTC 2008 

On Fri, 2008-08-22 at 22:00 +0200, Dominik 'Rathann' Mierzejewski wrote:
> On Friday, 22 August 2008 at 21:40, Paul W. Frields wrote:
> > Infrastructure report, 2008-08-22 UTC 1200:
> > http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html 
> > 
> > I neglected to forward URLs to some other important lists, and apologize
> > profusely for the oversight.
> 
> So. Now that we do have a vague idea what happened, I'd like to ask why
> was even that vague information withheld for so long?
> 
> Not to mention there are still many unanswered questions:
> Which servers were compromised?
> How did the attacker get in?
> What exactly did they do?
> ...and a bunch of others, but let's begin with those.

I realize my first answer was not good -- obviously there have been many
such queries over the last week.  I apologize, and allow me do a better
job below.

If you've ever been involved in a security investigation, you already
know that facts emerge over time.  With every disclosure there's a risk
of getting those facts wrong, or having to issue retractions.
Disclosure at an inappropriate time gives people the mistaken impression
one is not being truthful, when that's not the case.  

The disclosures we've made up to and including this point have been
factual, in the interest of protecting the security of our millions of
users, and in the further interest of allowing proper investigation and
analysis of an ongoing matter.

As I stated in the announcement, I'll continue to provide information as
it becomes available.

-- 
Paul W. Frields
  gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233  5906 ACDB C937 BD11 3717
  http://paul.frields.org/   -  -   http://pfrields.fedorapeople.org/
  irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-advisory-board/attachments/20080822/747e970e/attachment.sig>

More information about the fedora-advisory-board mailing list