On Fri, 2008-08-22 at 22:00 +0200, Dominik 'Rathann' Mierzejewski wrote:
> On Friday, 22 August 2008 at 21:40, Paul W. Frields wrote:
> > Infrastructure report, 2008-08-22 UTC 1200:
> > http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
> >
> > I neglected to forward URLs to some other important lists, and apologize
> > profusely for the oversight.
>
> So. Now that we do have a vague idea what happened, I'd like to ask why
> was even that vague information withheld for so long?
>
> Not to mention there are still many unanswered questions:
> Which servers were compromised?
> How did the attacker get in?
> What exactly did they do?
> ...and a bunch of others, but let's begin with those.

I realize my first answer was not good -- obviously there have been many
such queries over the last week. I apologize, and allow me to do a better
job below.

If you've ever been involved in a security investigation, you already
know that facts emerge over time. With every disclosure there's a risk
of getting those facts wrong, or having to issue retractions. Disclosure
at an inappropriate time gives people the mistaken impression one is not
being truthful, when that's not the case.

The disclosures we've made up to and including this point have been
factual, in the interest of protecting the security of our millions of
users, and in the further interest of allowing proper investigation and
analysis of an ongoing matter. As I stated in the announcement, I'll
continue to provide information as it becomes available.

--
Paul W. Frields
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://paul.frields.org/ - - http://pfrields.fedorapeople.org/
irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug

_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-advisory-board