 
08-23-2008, 11:37 PM
Björn Persson
 
non-disclosure of infrastructure problem a management issue?

Anders Karlsson wrote:
> * Björn Persson <bjorn@rombobjörn.se> [20080823 18:57]:
> > The first announcement gave me the impression that there was a technical
> > problem, such as overloaded web servers or a crashed database or
> > something. In retrospect it's obvious that when that announcement was
> > written they already knew or at least suspected that there had been an
> > intrusion. This gives me the impression that Paul W. Frields was not
> > being truthful. He lied by telling half the truth.
>
> That is a pretty strong statement to make. Not telling everything does
> not equate lying - especially when what you are telling (or can tell)
> is true. And if all you have is an impression that he is not truthful,
> you concede that you have no evidence to the contrary as well.
>
> I think you owe Paul Frields an apology.

It would be possible to convince me that he didn't mean to deceive. It would
take an honest-sounding statement that he thought that everybody would
understand that installing packages might be not only unsafe but actually
insecure, and also a very good explanation of why he – or someone giving him
orders – thought it was absolutely necessary to be so cryptic. It would be
dishonest to apologize before I'm convinced.

Björn Persson
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
08-23-2008, 11:58 PM
Björn Persson
 
non-disclosure of infrastructure problem a management issue?

Bjørn Tore Sund wrote:
> One thing this
> incident has taught us is to take regular backups of that mirror so that we
> can roll back to a non-suspect version of the Fedora updates. Didn't have
> that before, really missed it the last couple of weeks.

How far would you have rolled it back? During the whole time that the Fedora
repositories were suspect there was no information whatsoever on how old
packages would have to be to be non-suspect. And while the infrastructure
team either knew or suspected the whole time that the issue they were
investigating was an intrusion, it probably did take some time before they
knew how long the intrusion had been going on.

Björn Persson
All times are GMT.