On Tue, 2007-02-06 at 19:34 -0500, Jesse Keating wrote: > It is not a matter of what HAS been done, it's a matter of what _could_ be > done. You don't lock the door to your house because somebody has already > broken in, you lock it to prevent somebody from breaking in. Well, don't get me wrong, but that is exactly what some people like me do. We don't put locks somewhere unless it's really necessary (I highly recommend the Canadian unlocked door part of the movie Bowling for Columbine, to see how these people who don't lock their door think). This is a way of life, and a way of thinking about life. We like to think that there are not many bad people: otherwise, we turn into freaks and will fear everybody. Let me put it another way. If the United States has never attacked your country, may be they never will? Why develop atomic capabilities? Really, why? Of course one can be on the very cautious side and develop the atomic capabilities ("for peaceful purposes only", and who is to deny that defending one's country is not a peaceful purpose). But we hippie types prefer to assume that the US will not attack us and we can actually live better with that assumption on our minds. (Please bare with my analogies.) > Other people HAVE broken into other distributions and caused problems. That of course is a very good reason to worry and then add locks. With my example, having seen that the US actually attacked Iraq for no reasonable reason, one can also assume that the same will happen to Iran if we let that happen. But still, people like me prefer to think "Oh, but Iran is different from Iraq!" (and Fedora from all the guys who were attacked, for all the reasons there may be, like having better and more security-minded system administrators). These rants are of course relevant only because I was the person whose laptop with the SSH keys was stolen, which could theoretically be used to find a way into the Extras system. The keys were of course password protected and I reported the situation to Fedora people as soon as possible on IRC, by email, and every other way I thought before a brute force could be used to find the passwords, but if we want to think about all the possible scenarios, a targeted attack could even have used my collaboration. Theoretically, someone may still use physical force on me and get me to type my password and insert whatever code he sees appropriate where he wishes. Do I value the security of Fedora users more than my life or my family's? Definitely not! Roozbeh -- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers -- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly