non-disclosure of infrastructure problem a management issue?

Mikkel L. Ellertson mikkel at infinity-ltd.com
Mon Aug 25 14:39:11 UTC 2008


Craig White wrote:
> On Mon, 2008-08-25 at 12:30 +0930, Tim wrote:
>>
>> If it turned out that *because* of a lack of good warning, when a good
>> warning could have been given out, that boxes got compromised all over
>> the planet, you'd find users really pissed off and leaving in droves,
>> and Red Hat and Fedora with a shattered reputation.
> ----
> I fully expect that the reason that they took the system off-line 10
> days ago was a clear indication of their doubt of the sanctity of the
> packages and they didn't put it back online until they felt that they
> knew the extent of the compromise.
> 
> Let's be real here...there have been instances when viruses and other
> compromised code has been distributed, even in shrink wrapped
> proprietary software and we all have expectations of best efforts and if
> someone feels that best efforts aren't being given, then they should
> find another Linux distribution.
> 
> Craig
> 
Another thing to consider - by taking the systems offline, they
prevented any of the mirrors from grabbing any possible corrupted
packages. This gives them a chance to determine if there were any
packages built and what mirrors would have them. It would be
interesting to see if any mirrors were contacted to remove packages...

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
