Craig White wrote:
> On Mon, 2008-08-25 at 12:30 +0930, Tim wrote:
>> If it turned out that *because* of a lack of good warning, when a good
>> warning could have been given out, that boxes got compromised all over
>> the planet, you'd find users really pissed off and leaving in droves,
>> and Red Hat and Fedora with a shattered reputation.
> ----
> I fully expect that the reason that they took the system off-line 10
> days ago was a clear indication of their doubt of the sanctity of the
> packages and they didn't put it back online until they felt that they
> felt that they knew the extent of the compromise.
> Let's be real here...there have been instances when viruses and other
> compromised code has been distributed, even in shrink wrapped
> proprietary software and we all have expectations of best efforts and if
> someone feels that best efforts aren't being given, then they should
> find another Linux distribution.
> Craig
Another thing to consider - by taking the systems offline, they
prevented any of the mirrors from grabbing any possible corrupted
packages. This gives them a chance to determine if there were any
packages built and what mirrors would have them. It would be
interesting to see if any mirrors were contacted to remove packages...


  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

Attachment: signature.asc
Description: OpenPGP digital signature

fedora-list mailing list
To unsubscribe:

Reply via email to