On Fri, Aug 22, 2008 at 10:36:21AM +1200, Clint Dilks wrote: > Bjoern Tore Sund wrote: >> It has now been a full week since the first announcement that Fedora >> had "infrastructure problems" and to stop updating systems. Since >> then there has been two updates to the announcement, none of which >> have modified the "don't update" advice and noen of which has been >> specific as to the exact nature of the problems. At one point we >> received a list of servers, but not services, which were back up and >> running. >> >> The University of Bergen has 500 linux clients running Fedora. We >> average one reinstall/fresh install per day, often doing quite a lot >> more. Installs and reinstalls has had to stop completely, nightly >> updates have stopped, and until the nature of the problem is revealed >> we don't even know for certain whether it is safe for our IT staff to >> type admin passwords to our (RHEL-based, for the most part) servers >> from these work stations. With 500 clients ? Are you pulling updated from the internet or are you pulling from a local cache of "tested" updates. Are you using site specific kickstart config files that install local yum config files, ssh keys, sendmail setup and sudo config files so your admins can access the hosts without typing pass words? What revision control of the config files? I can see that the lack of updates would prove disconcerting but the inability to maintain day to day, another one just like yesterdays install seems fragile. In business school there is a strategy of "owning your own dependencies". The long term success stories in business include strong control of resources that they depend on. It is possible to manage yum and friends to allow only update packages resigned by your group at Bergan after testing them. My last question -- what is the University of Bergin's written policy for this type and other risks. Does university policy mandate the disclosure that you expect from RedHat. ---- In possible defense of RH does anyone know what restrictions the US Department of Homeland Security might impose? If I was RH I would have promptly called in the authorities. Then with the conflict between Georgia and Russia catching headlines who knows how cautious and SLOW RH+DHS+FBI were. I do not expect an answer..... and just because some are paranoid, RH did get hacked.... -- T o m M i t c h e l l Got a great hat... now what. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
