non-disclosure of infrastructure problem a management issue?

Björn Persson bjorn at xn--rombobjrn-67a.se
Fri Aug 22 23:00:23 UTC 2008


On Friday, 22 August 2008, Tim wrote:
> On Fri, 2008-08-22 at 16:08 +0100, Anne Wilson wrote:
> > There was an intrusion, and it affected the server which signs
> > packages, hence the warning to hold off until tests had been done.
>
> They really should have said something more like that, first off.

I agree. I can't see any reason why they couldn't have said the following a 
week ago:

"We suspect that some Fedora servers may have been illegally accessed. We are 
working to analyze the intrusion and the extent of the compromise. Right now 
we can't rule out the possibility that there may be tampered packages on the 
mirrors, so as a precaution we recommend you not download or update any 
additional packages on your Fedora systems. The investigation may result in 
service outages, for which we apologize in advance."

Björn Persson