On Mon, 2008-08-25 at 12:30 +0930, Tim wrote: > On Sun, 2008-08-24 at 21:38 -0700, Craig White wrote: > > there's a lot of things to deal with and informing clients - > > especially when the full extent is unknown is not a terribly > > attractive prospect and definitely lower on the priority scale > > than auditing the problem and obviously fixing the problem. > > I think most of us were more peeved about not getting a *clear* warning, > promptly, and wanting to know whether it really was a safety issue (do > not download) or just broken servers (downloads may fail). The how and > what actually happened could have come out later on. > > If it turned out that *because* of a lack of good warning, when a good > warning could have been given out, that boxes got compromised all over > the planet, you'd find users really pissed off and leaving in droves, > and Red Hat and Fedora with a shattered reputation. ---- I fully expect that the reason that they took the system off-line 10 days ago was a clear indication of their doubt of the sanctity of the packages and they didn't put it back online until they felt that they felt that they knew the extent of the compromise. Let's be real here...there have been instances when viruses and other compromised code has been distributed, even in shrink wrapped proprietary software and we all have expectations of best efforts and if someone feels that best efforts aren't being given, then they should find another Linux distribution. Craig -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list