non-disclosure of infrastructure problem a management issue?

[Bruno Wolff III]

On Sun, Aug 24, 2008 at 12:55:54 -0400,
  max <maximilianbianco at gmail.com> wrote:
> That is precisely the point , we don't know much. If users don't trust  
> the Fedora Project then they should go elsewhere but I doubt they'll do  
> any better. Some organizations won't even give a vague warning, never  
> mind admit they've been cracked.

I'd rather try to change the way the project handles this type of incident
rather than spend my time working with another linux distro project at
this time.

Comparing Fedora to the worst organizations isn't doing its reputation
any favors. Fedora sets a pretty high bar in many areas, and I would like
the bar also set high for the project leadership being open with the
community.

The Fedora project seems to value many facets of openness (e.g. they did a lot
of work a few releases ago to open up the build tools for the distro). So
while I didn't find any obvious statements that the project has an explicit
goal to work in an open and transparent manner, I think the impression that
that is a goal of the project.

The way the recent compromise was handled was not a good example of how a
truly open project should have handled such an incident. It took a week
before a statement was issued admitting a compromise. That should have
been part of the very first announcement.