Bill Crawford wrote:
On 02/09/2008, Les Mikesell <[EMAIL PROTECTED]> wrote:

When and how did the intrusion occur?  How was it initially detected?


I don't actually need to know, so I'm not making a fuss.

I suspect, as has been hinted at here multiple times, there may be
legal reasons why they haven't provided you with some of the details
you would like to see.

As noted, the detail I would have liked was to know if this was a failure of system security or a failure of misplaced trust. If there is a hole in their server system security it's likely to be in ours as well.

And if someone could say with certainty that packages downloaded before {date} were safe, it would be more reassuring than "there is little risk to Fedora users who wish to install or upgrade signed Fedora packages." If the start date of the problem is known, that would be really good information for people who keep a local repository and don't have to upgrade every new install totally over the network.

I'd suggest re-reading the announcement that Paul W. Frields sent out
(url below) and then, should you really, really feel the need to know
more, I'd suggest you contact whoever at the Fedora Project you pay
for support, complaining about your SLA not being met ;o)

I felt the need to spend some of my three day holiday reinstalling servers with another distribution, when knowing the start date of the problem would have let me make an intelligent choice. Saying "was quickly discovered" doesn't tell me if it was minutes, hours, or months. What I was looking for was a "safe if loaded before" date.

So yes, I "really, really" felt the need to know more.

Bill Davidsen <[EMAIL PROTECTED]>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
