non-disclosure of infrastructure problem a management issue?

Tim ignored_mailbox at yahoo.com.au
Sat Aug 23 08:08:02 UTC 2008


On Sat, 2008-08-23 at 07:24 +0530, Rahul Sundaram wrote:
> "If you've ever been involved in a security investigation, you already
> know that facts emerge over time.  With every disclosure there's a
> risk of getting those facts wrong, or having to issue retractions.
> Disclosure at an inappropriate time gives people the mistaken
> impression one is not being truthful, when that's not the case.
>
> The disclosures we've made up to and including this point have been
> factual, in the interest of protecting the security of our millions of
> users, and in the further interest of allowing proper investigation
> and analysis of an ongoing matter.

I still don't see why they couldn't have said that it would be *unsafe*
to install packages, without saying specifically why.  As opposed to
them wording it as if there were just unreliable services.  The original
posting just seems to suggest that the services may be wonky.

It also makes one think that they ought to (a) off-line the source
servers, *and* (b) have some way to make the mirrors go off-line, too,
with some form of "prolonged downtime expected" error message.

-- 
[tim at localhost ~]$ uname -r
2.6.25.14-108.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.





