Re: non-disclosure of infrastructure problem a management issue?

Björn Persson wrote:
> max wrote:
>> You had no idea there was a security
>> issue? It was the first thing to cross my mind when I first saw the
>> announcement. What else could it have been? Why else the cryptic
>> message?
>
> You're lucky to be that paranoid. Many people would call me paranoid if they knew what kind of security measures I take with my home computers, but apparently I'm not paranoid enough yet.
>
> Can you answer the opposite question: Why the cryptic message? Can you think of a rational reason to avoid the word "security"? Something more concrete than just "legal issues"?

The whole point is that no one on this list except possibly Red Hat employees or Fedora board members can answer that. These are not stupid people. These are not dishonest people. They're not devious folks. These are the same folks from whom you consume a distribution, people who devote their careers to making OSS, specifically Fedora, work as well as it does. They do a really hard, mostly thankless job.

Recovery from a security is *very* hard work. You need to determine the attack vector, the extent of the breach, remediate the breach, rebuild damaged servers, restore data and services, notify anyone whose information might have been compromised, forensically analyze the systems, etc., etc., etc. All while trying to preserve any evidence which might be needed by any law enforcement agencies which have been involved. Oh, and until the full extent of the breach is determined, it is foolish and irresponsible to announce anything about that breach. Had Paul said "Hey all, we've gotten hacked and we don't know how badly or how they got in or what the damage is" he'd have been eaten alive, and rightly so. Instead he took a very reasonable approach, apparently disclosed as much as he could at the time, and warned folks as soon as he could to not trust updates.

But here you come from the outside and publicly call the head of the project a liar when you *clearly* do not have all the information. What arrogance. Congratulations, you've just landed at the top of the "Asshole of the Year" list.

Welcome to my killfile, Björn.

--
Thomas


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
