Re: non-disclosure of infrastructure problem a management issue?

Les Mikesell wrote:
max wrote:

You call it paranoia, I call it common sense. Do the math, I did. I felt that if it was anything but a security issue then they'd have come right out and said so. The only reason not to come out and say so boiled down to a handful of things.

But doesn't a security issue usually imply that everyone else running the same software is vulnerable to the same intrusion? That is, the
Maybe, but we don't know yet what exactly happened. My issue is not with saying it was handled badly. I would have preferred that more information was provided. That isn't what happened though and ultimately it comes down to a matter of trust. Second guessing the man on the ground is popular but unwise, people only assume they would have done better in the same situation but that is by no means certain. You're on the scene, you make a judgement call based on what you know and what you think best at the moment. Hindsight is always 20/20, having to make the call is harder by far and I think accusing Paul Frields of intentionally deceiving us is going too far, especially without all the facts. This didn't happen last year, it's ongoing, taking place over the course of a couple of weeks and it's only fair to allow time for a proper assessment of the situation. How many complaints would we have seen if it turned out to be a false alarm? How many would have blown away their systems and then cried that nothing should have been said until they were certain what had transpired?

last thing you want to do is keep running with no updates.

The only thing that's been made clear is that the Fedora Project has a number of users who take it for granted.

Do we know yet how the initial access to the machine was obtained? Ssh password-guessing or a more fundamental software problem that may still be a danger for others?

That is precisely the point, we don't know much. If users don't trust the Fedora Project then they should go elsewhere but I doubt they'll do any better. Some organizations won't even give a vague warning, never mind admit they've been cracked.


--
Fortune favors the BOLD
