Bruno Wolff III wrote: > What they did seems unreasonable to me. There is no reason I can think of > that should have prevented them for explaining what was going on in general. In https://www.redhat.com/archives/fedora-advisory-board/2008-August/msg00078.html Tom Callaway writes: > Without being specific, know that your concerns have been heard, and are > in the process of being addressed. Please don’t ask me for more details, > it is not my place to give them. > > Thanks, > > Tom Callaway, Fedora Legal That’s the first time on that list this year that Tom has signed himself anything other than “~spot”. Now this may be because he was writing to a non-board member, and wanted to explain who he was. Or he may have been giving us a clue that there are legal reasons why Fedora is keeping quiet. I can think of two possibilities: either law enforcement has got involved and arrests may be forthcoming, or Fedora became aware of a problem through something like vendor-sec (a mailing list that various distributors use to share information about vulnerabilities), and Fedora is legally obliged to keep information to itself until other distributors have had a chance to prepare and test security patches. (Depending on the vulnerability, Fedora may feel that any clarification of which part of the system was vulnerable would amount to disclosure to someone with enough knowledge of the programs in question.) And I suppose I should say that I have absolutely no way of knowing whether my guesses are accurate. James. -- E-mail: james@ | ... clueless he is not. He's just selective about which aprilcottage.co.uk | clues to pay attention to. | -- Shmuel (Seymour J.) Metz -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list