non-disclosure of infrastructure problem a management issue?

Anders Karlsson anders at trudheim.co.uk
Sat Aug 23 19:22:43 UTC 2008


* Björn Persson <bjorn at rombobjörn.se> [20080823 18:57]:
> Rahul Sundaram quoted Paul W. Frields:
[snip]
> > Disclosure at an inappropriate time gives people the mistaken impression
> > one is not being truthful, when that's not the case.
> 
> The first announcement gave me the impression that there was a technical 
> problem, such as overloaded web servers or a crashed database or something. 
> In retrospect it's obvious that when that announcement was written they 
> already knew or at least suspected that there had been an intrusion. This 
> gives me the impression that Paul W. Frields was not being truthful. He lied 
> by telling half the truth.

That is a pretty strong statement to make. Not telling everything does
not equate lying - especially when what you are telling (or can tell)
is true. And if all you have is an impression that he is not truthful,
you conceed that you have no evidence to the contrary as well.

I think you owe Paul Frields an apology.

[snip]

> > As I stated in the announcement, I'll continue to provide information as
> > it becomes available."
> 
> Did it really take a week before the information that the issue was related to 
> security became available?

I think you ought to read the book "The Cuckoo's Egg" by Clifford
Stoll. Once you have read it and understood it, feel free to comment
again on the issue at hand here.

/Anders




More information about the fedora-list mailing list