On Sat, 2008-08-23 at 07:24 +0530, Rahul Sundaram wrote:
> "If you've ever been involved in a security investigation, you already
> know that facts emerge over time. With every disclosure there's a
> risk of getting those facts wrong, or having to issue retractions.
> Disclosure at an inappropriate time gives people the mistaken
> impression one is not being truthful, when that's not the case.
>
> The disclosures we've made up to and including this point have been
> factual, in the interest of protecting the security of our millions of
> users, and in the further interest of allowing proper investigation
> and analysis of an ongoing matter.

I still don't see why they couldn't have said that it would be *unsafe*
to install packages, without saying specifically why. As opposed to
them wording it as if there were just unreliable services. The original
posting just seems to suggest that the services may be wonky.

It also makes one think they ought to (a) off-line the source servers,
*and* (b) have some way to make the mirrors go off-line, too, with some
form of "prolonged downtime expected" error message.

--
[tim@localhost ~]$ uname -r
2.6.25.14-108.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.