On 04/23/2009 04:57 AM, Kevin Kofler wrote:
> Chris Adams wrote:
>> I would expect "security paranoia" is in response to last year's
>> incident. Things were pretty loose and easy before that, and look where
>> that got Fedora.
>
> That harmless intrusion (nothing actually got compromised in Fedora space,
> all the packages in the repo verified intact and there's no evidence of any
> malicious packages having been signed) got blown way out of proportion (too
> long downtime, too much secrecy, ...), more paranoia is exactly the
> opposite of what we need.
>
> Kevin Kofler

I'm on the "forcing changing of passwords is not the best idea unless
confirmed to be weak" side of things myself, but the security intrusion,
had it not been detected, could have been disastrous, because the
intruder injected a compromised rpm binary. It wasn't worse because it
was caught in time, thank God.
I do not think Bugzilla passwords would help in that situation, anyway,
though.
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list