No more Bugzilla for me
Basil Mohamed Gohar
abu_hurayrah at hidayahonline.org
Wed Apr 22 22:28:14 UTC 2009
On 04/23/2009 04:57 AM, Kevin Kofler wrote:
> Chris Adams wrote:
>
>> I would expect "security paranoia" is in response to last year's
>> incident. Things were pretty loose and easy before that, and look where
>> that got Fedora.
>>
>
> That harmless intrusion (nothing actually got compromised in Fedora space,
> all the packages in the repo verified intact and there's no evidence of any
> malicious packages having been signed) got blown way out of proportion (too
> long downtime, too much secrecy, ...), more paranoia is exactly the
> opposite of what we need.
>
> Kevin Kofler
>
>
I'm on the "forcing changing of passwords is not the best idea unless
confirmed to be weak" side of things myself, but the security intrusion,
had it not been detected, could have been disastrous, because the
intruder injected a compromised rpm binary. It wasn't worse because it
was caught in time, thank God.
I do not think Bugzilla passwords would help in that situation, anyway,
though.
More information about the fedora-devel-list mailing list