non-disclosure of infrastructure problem a management issue?

Björn Persson bjorn at xn--rombobjrn-67a.se
Sat Aug 23 23:58:45 UTC 2008


Bjørn Tore Sund wrote:
> One thing this
> incident has taught us is to take regular backups of that mirror so that we
> can roll back to a non-suspect version of the Fedora updates.  Didn't have
> that before, really missed it the last couple of weeks.

How far would you have rolled it back? During the whole time that the Fedora 
repositories were suspect there was no information whatsoever on how old 
packages would have to be to be non-suspect. And while the infrastructure 
team either knew or suspected the whole time that the issue they were 
investigating was an intrusion, it probably did take some time before they 
knew how long the intrusion had been going on.

Björn Persson