Re: non-disclosure of infrastructure problem a management issue?

Les Mikesell wrote:
max wrote:

You call it paranoia, I call it common sense. Do the math, I did. I felt that if it was anything but a security issue then they'd have come right out and said so. The only reason not to come out and say so boiled down to a handful of things.

But doesn't a security issue usually imply that everyone else running the same software is vulnerable to the same intrusion? That is, the
Maybe, but we don't know yet what exactly happened. My issue is not with saying it was handled badly. I would have preferred that more information was provided. That isn't what happened though and ultimately it comes down to a matter of trust. Second guessing the man on the ground is popular but unwise, people only assume they would have done better in the same situation but that is by no means certain. You're on the scene, you make a judgement call based on what you know and what you think best at the moment. Hindsight is always 20/20, having to make the call is harder by far and I think accusing Paul Frields of intentionally deceiving us is going too far, especially without all the facts. This didn't happen last year, it's ongoing, taking place over the course of a couple of weeks and it's only fair to allow time for a proper assessment of the situation. How many complaints would we have seen if it turned out to be a false alarm? How many would have blown away their systems and then cried that nothing should have been said until they were certain what had transpired?

last thing you want to do is keep running with no updates.

The only thing that's been made clear is that the Fedora Project has a number of users who take it for granted.

Do we know yet how the initial access to the machine was obtained? Ssh password-guessing or a more fundamental software problem that may still be a danger for others?

That is precisely the point, we don't know much. If users don't trust the Fedora Project then they should go elsewhere but I doubt they'll do any better. Some organizations won't even give a vague warning, never mind admit they've been cracked.


--
Fortune favors the BOLD

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
