Re: non-disclosure of infrastructure problem a management issue?

On Sun, Aug 24, 2008 at 6:48 PM, Frank Cox <theatre@xxxxxxxxxxx> wrote:
> As a sitting community representative, what action, other than sitting, have you
> taken to deal with the current lack of information distribution?  The community
> is still largely in the dark, as you are well aware.   Have you been raising
> this issue at the highest levels (raising the issue, raising hell, raising
> cain) and getting things done?

I see no reason to raise hell. I see an opportunity for people to come
together to draft a new communication process where one has not
existed before. One that all the stakeholders can agree to abide by.
 I've said as much to the Board and it's why I am in this thread...
specifically challenging community members to take a stab at drafting
a process document.  I am sure as hell not going to be the one
drafting the document. I will facilitate the discussion and will nudge
people in the right direction but I expect community people with a
background with dealing with these sort of security issues to step up
and lead an effort to create an incident communication process.  If
people in the community don't step up and make a conscientious effort
to put an incident communications policy in place.. then it's not going
to happen.

>
> What representations have you made on behalf of the Fedora community with
> regard to this matter?

My calls to the President of the United States have so far gone
unanswered..but I'll keep at it.

>With whom?  With what results?  What's your next step?
> The step after that?  Where do you see things going from here?  Are further
> meeting planned?

I've had no formal meetings on this matter. In my capacity as a Board
member I have not received any more information with regard to the
incident than has been made public in the announcements.  What has
been deemed to be made public has been made public.  I do not know why
the announcements were worded the way they were and I'm not going to
get sucked into petty speculating on the matter.

What I am here to do is knock some sense into everyone who has been
rattled by how the communication has unfolded. We do not have a Fedora
specific incident communication policy in place...and as far as I know
it's never ever come up for discussion as part of community chit-chat
as to expectations on  how to handle the disclosure in these sorts of
situations. Not even our own community conspiracy theorists have put
this sort of situation up as a doomsday scenario in the past afaict.
Until we have a documented incident communication process in place,
that legal is okay with, none of us have a right to expect incident
communication to be handled better than it has been.

If I had a process document in place, that specifically stated that
the FPL was to inform the board members ASAP as to all details of
infrastructure breaches, I'd be seriously pissed about how things have
unfolded and I'd be in his face in the Board meetings about it. But I
don't have the process document that sets the bar as to disclosure
expectations.. that document does not exist.  Without those
established expectations on how this is to be handled I'm mature
enough to give people the benefit of the doubt as things unfold.
Because I know, they are making the best effort at dealing with an
unlooked for and unexpected problem.  So I'm not going to go around
beating up Paul or anyone else who had to make a judgement call, or
anyone who relied on Red Hat corporate process during the initial
response..or even now.  The only way forward is to establish a Fedora
specific incident communication process.  So next time this
happens..we all know exactly what to expect in terms of communication
and disclosures.

-jef
