non-disclosure of infrastructure problem a management issue?

Thu Aug 21 22:36:21 UTC 2008

Bjoern Tore Sund wrote:
> It has now been a full week since the first announcement that Fedora 
> had "infrastructure problems" and to stop updating systems.  Since 
> then there has been two updates to the announcement, none of which 
> have modified the "don't update" advice and noen of which has been 
> specific as to the exact nature of the problems.  At one point we 
> received a list of servers, but not services, which were back up and 
> running.
>
> The University of Bergen has 500 linux clients running Fedora.  We 
> average one reinstall/fresh install per day, often doing quite a lot 
> more. Installs and reinstalls has had to stop completely, nightly 
> updates have stopped, and until the nature of the problem is revealed 
> we don't even know for certain whether it is safe for our IT staff to 
> type admin passwords to our (RHEL-based, for the most part) servers 
> from these work stations.
>
> Sometimes unfortunate events happen beyond anyone's control.  We 
> understand this as well as anyone.  We trust the assurances that the 
> infrastructure team is working hard on resolving 
> http://www.google.co.nz/the matter and are greatful to them for the 
> job they do.  So far nothing that has happened with this issue has 
> reflected poorly on them.
>
> Sadly, the same cannot be said about the Management of the Fedora 
> project.  Their choice of complete non-disclosure is enough to 
> eradicate any and all confidence that Fedora is a trustworthy platform 
> for Linux installations.  What information they have released has been 
> deliberately vague and, frankly, useless.  For a day or two to secure 
> things this may be a workable strategy.  For a full week, not giving 
> the community participants any chance whatsoever to protect themselves 
> from threats indicated but not specified?  This is poor management and 
> poor judgement and reflects very badly not only on the Fedora project 
> but on Fedora's RedHat sponsor as well.  The issue is more than 
> serious enough and has gone on for more than long enough that someone 
> higher up the scale should have stepped in a long time ago and made 
> sure that all relevant info was released to the community.
>
> We strongly encourage both the Fedora management and RedHat as a 
> Fedora sponsor to immediately release any and all information relating 
> to the current infrastructure problems.
>
> Regards,
>
> -BT, linux client architect, University of Bergen

Hi, I work in an environment very similar to yours a University in New 
Zealand.  And while I understand your frustration and agree that this 
situation and the communication surrounding it have been managed poorly 
I will say that we as administrators can not blame Fedora if we make 
their infrastructure to critical to our own systems.  For example we can 
make our own local repositories and we can control / test updates to try 
and minimize the risks from events such as this.