Rui Miguel Silva Seabra wrote: > The first message... > https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00008.h >tml > > ... said: > > We're still assessing the end-user impact of the situation, but as a > precaution, we recommend you not download or update any additional > packages on your Fedora systems. > > This spells "*unsafe* to install packages, without saying specifically > why" to me, what about you? :) To me it looked like there was a problem with the performance or availability of the servers, and they didn't know how much downtime there would be or how bad the response times would be, and they wanted us to avoid updating to ease the load on the servers until they could fix the problem. That wouldn't make it unsafe to install packages although it might be difficult to download them. I can also imagine that such a recommendation would be issued if a bug in the build system had caused corrupted packages or incorrect dependencies. In that case it could be said that it would be unsafe to install packages, but I might still choose to update some after ensuring that I could revert to an older version if necessary. It wasn't until I saw the speculations here in fedora-list that I understood that there might be a risk that I would get backdoors installed if I updated. It's mostly by chance that I'm currently reading fedora-list. If I were only reading fedora-announce-list I might not have understood that there was a security risk until yesterday's announcement, and then I would probably have chosen to install some important security updates despite the recommendation. It's simple, really: People won't follow instructions if you don't tell them why the instructions are important. Björn Persson
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
