non-disclosure of infrastructure problem a management issue?
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Mon Aug 25 14:39:11 UTC 2008
Craig White wrote:
> On Mon, 2008-08-25 at 12:30 +0930, Tim wrote:
>>
>> If it turned out that *because* of a lack of good warning, when a good
>> warning could have been given out, that boxes got compromised all over
>> the planet, you'd find users really pissed off and leaving in droves,
>> and Red Hat and Fedora with a shattered reputation.
> ----
> I fully expect that the reason that they took the system off-line 10
> days ago was a clear indication of their doubt of the sanctity of the
> packages and they didn't put it back online until they felt that they
> knew the extent of the compromise.
>
> Let's be real here...there have been instances when viruses and other
> compromised code have been distributed, even in shrink wrapped
> proprietary software and we all have expectations of best efforts and if
> someone feels that best efforts aren't being given, then they should
> find another Linux distribution.
>
> Craig
>
Another thing to consider - by taking the systems offline, they
prevented any of the mirrors from grabbing any possible corrupted
packages. This gives them a chance to determine if there were any
packages built and what mirrors would have them. It would be
interesting to see if any mirrors were contacted to remove packages...
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!