Re: [in the news] Users howl as Fedora 12 gives root to unwashed masses
On Fri, Nov 20, 2009 at 12:34:20AM -0600, Mel Chua wrote: > >I think the update in progress needs to be ..uhm.. "propagated" more. > >Not a lot of folks (I also mean users who only heard of the drama via > >dents etc and nothing more) are aware of it. > > +1 - thanks for getting this started, Ankur. Things are moving fast > around here, and anything we can do to help with transparency > outreach around the situation is a Good Thing. I'll post some > resources in just a moment (Paul's announcement - which he linked to > in this thread - is one of them, and where I'd personally start > pointing people and articles to), with the caveat that this > situation *is* still evolving rapidly. > > Give me a moment and I'll round up some links... I'm also hoping > folks with more PR experience can chime in here with > thoughts/advice/tips/strategies/examples of similar issues being > handled well in the past. I also posted updates to my Twitter and identi.ca feeds this morning, with hashtagging that will help them get carried. RTs welcome. -- Paul W. Frieldshttp://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -- Fedora-marketing-list mailing list Fedora-marketing-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-marketing-list
Re: [in the news] Users howl as Fedora 12 gives root to unwashed masses
On 11/20/2009 02:04 AM, susmit shannigrahi wrote: http://www.theregister.co.uk/2009/11/19/fedora_12_root_imbroglio/ The site has posted this update at the top of the article. "Updated: This story was updated about 11 hours after it was published to reflect that Fedora developers have reversed course. Operating system users once again will be required to enter a root password before installing software packages." Thanks for the heads-up, Susmit! Richard33, adamw, and MacroRodent rock. Sharp eyes, calm words, fast action. Actually, I think I'll post a roundup of examples of good responses that I've seen, and the resources I've seen those people use, so that it's hopefully easier for the rest of us to Go And Do Likewise. I believe a "how to respond to negative press" HOWTO was discussed at one point - perhaps this would be a good thing to spend one of our sprint sessions on after this settles down, as a way to reflect on how we did this time and make sure future generations have this history to learn from, too. --Mel "whoa, I'm slow at writing emails tonight" Chua -- Fedora-marketing-list mailing list Fedora-marketing-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-marketing-list
Re: [in the news] Users howl as Fedora 12 gives root to unwashed masses
> http://www.theregister.co.uk/2009/11/19/fedora_12_root_imbroglio/ The site has posted this update at the top of the article. "Updated: This story was updated about 11 hours after it was published to reflect that Fedora developers have reversed course. Operating system users once again will be required to enter a root password before installing software packages." -- Regards, Susmit. = http://www.fedoraproject.org/wiki/user:susmit = -- Fedora-marketing-list mailing list Fedora-marketing-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-marketing-list
Re: [in the news] Users howl as Fedora 12 gives root to unwashed masses
I think the update in progress needs to be ..uhm.. "propagated" more. Not a lot of folks (I also mean users who only heard of the drama via dents etc and nothing more) are aware of it. +1 - thanks for getting this started, Ankur. Things are moving fast around here, and anything we can do to help with transparency outreach around the situation is a Good Thing. I'll post some resources in just a moment (Paul's announcement - which he linked to in this thread - is one of them, and where I'd personally start pointing people and articles to), with the caveat that this situation *is* still evolving rapidly. Give me a moment and I'll round up some links... I'm also hoping folks with more PR experience can chime in here with thoughts/advice/tips/strategies/examples of similar issues being handled well in the past. --Mel -- Fedora-marketing-list mailing list Fedora-marketing-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-marketing-list
Re: [in the news] Users howl as Fedora 12 gives root to unwashed masses
On Thu, 2009-11-19 at 23:43 -0500, Paul W. Frields wrote: > On Fri, Nov 20, 2009 at 07:24:44AM +0530, susmit shannigrahi wrote: > > "Fedora users are revolting against a change introduced in the latest > > version of the operating system that allows the installation of > > thousands of software titles without an administrative password. > > > > Critics say the move diminishes the security of machines running the > > open-source OS by giving unprivileged users what amounts to > > administrative control. That could allow lower-level employees to > > install software that's not been approved by administrators, or worse, > > to gain root access by installing an application with a known security > > vulnerability and then intentionally exploiting it." > > > > > > http://www.theregister.co.uk/2009/11/19/fedora_12_root_imbroglio/ > > There's already an update in progress: > > https://www.redhat.com/archives/fedora-announce-list/2009-November/msg00012.html > hey, I think the update in progress needs to be ..uhm.. "propagated" more. Not a lot of folks (I also mean users who only heard of the drama via dents etc and nothing more) are aware of it. My bit: http://dodoincfedora.wordpress.com/2009/11/20/fedora-packagekit-change/ http://digg.com/d31AYzF regards, Ankur -- Fedora-marketing-list mailing list Fedora-marketing-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-marketing-list
Re: [in the news] Users howl as Fedora 12 gives root to unwashed masses
On Fri, Nov 20, 2009 at 08:42:25AM +0400, Amit Caleechurn wrote: >Now that an update has been announced for packagekit, will this update be >applied to official ISOs or will users be expected to apply the update >themselves or disable this behavior if they don't have the machine >connected to the net? There is no way to issue new official ISOs that does not create extreme confusion and problems for many users as well. Users will need to apply the update themselves, or use the documentation that's been provided in the updated Release Notes to get the alternate behavior they want. -- Paul W. Frieldshttp://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -- Fedora-marketing-list mailing list Fedora-marketing-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-marketing-list
Re: [in the news] Users howl as Fedora 12 gives root to unwashed masses
On 11/20/2009 10:12 AM, Amit Caleechurn wrote: > Now that an update has been announced for packagekit, will this update > be applied to official ISOs or will users be expected to apply the > update themselves or disable this behavior if they don't have the > machine connected to the net? An update will be issued. No plans to roll out new ISO images. If you are not connected to the net, you don't have to worry about issue that much, anyway. Rahul -- Fedora-marketing-list mailing list Fedora-marketing-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-marketing-list
Re: [in the news] Users howl as Fedora 12 gives root to unwashed masses
On Fri, Nov 20, 2009 at 07:24:44AM +0530, susmit shannigrahi wrote: > "Fedora users are revolting against a change introduced in the latest > version of the operating system that allows the installation of > thousands of software titles without an administrative password. > > Critics say the move diminishes the security of machines running the > open-source OS by giving unprivileged users what amounts to > administrative control. That could allow lower-level employees to > install software that's not been approved by administrators, or worse, > to gain root access by installing an application with a known security > vulnerability and then intentionally exploiting it." > > > http://www.theregister.co.uk/2009/11/19/fedora_12_root_imbroglio/ There's already an update in progress: https://www.redhat.com/archives/fedora-announce-list/2009-November/msg00012.html -- Paul W. Frieldshttp://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -- Fedora-marketing-list mailing list Fedora-marketing-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-marketing-list
Re: [in the news] Users howl as Fedora 12 gives root to unwashed masses
Now that an update has been announced for packagekit, will this update be applied to official ISOs or will users be expected to apply the update themselves or disable this behavior if they don't have the machine connected to the net? Regards, Amit On Fri, Nov 20, 2009 at 5:54 AM, susmit shannigrahi < thinklinux@gmail.com> wrote: > "Fedora users are revolting against a change introduced in the latest > version of the operating system that allows the installation of > thousands of software titles without an administrative password. > > Critics say the move diminishes the security of machines running the > open-source OS by giving unprivileged users what amounts to > administrative control. That could allow lower-level employees to > install software that's not been approved by administrators, or worse, > to gain root access by installing an application with a known security > vulnerability and then intentionally exploiting it." > > > http://www.theregister.co.uk/2009/11/19/fedora_12_root_imbroglio/ > > -- > Regards, > Susmit. > > = > http://www.fedoraproject.org/wiki/user:susmit > = > Sent from Calcutta, WB, India > > -- > Fedora-marketing-list mailing list > Fedora-marketing-list@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-marketing-list > -- Fedora-marketing-list mailing list Fedora-marketing-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-marketing-list