Infrastructure status, 2008-08-16 UTC 1530
Todd Denniston
Todd.Denniston at ssa.crane.navy.mil
Wed Aug 20 16:45:40 UTC 2008
Jeff Spaleta wrote, On 08/18/2008 02:15 PM:
> On Mon, Aug 18, 2008 at 8:27 AM, g <geleem at bellsouth.net> wrote:
>> anyone who is not subscribed to 'fedora-announce-list' have no one other
>> than themselves to blame for not being aware.
>>
>> fact that something such as this has happened, it would be best that all
>> who are not subscribed to 'fedora-announce-list', should do so.
>
> The specific current situation aside for a moment. As a Board member,
> I am interested in thinking about a better mechanism of communication
> of anything hoped to be seen by the entire community.
<SNIP>
>
> I do not want to go into this too deeply until the current situation
> has been resolved. I do not want to be a distraction. But I think this
> is an area where someone could step up and provide some new code to
> make communicating important announcements easier.
I don't think new code is needed, the announcement occurred and has been duly
noted. As geleem noted we need to watch the very low volume
fedora-announce-list or at least view its archive on a periodic basis, no big
deal on the tools to communicate being there, because they are.
The problem is not that communication did not happen. The problem is that
Paul dropped a line which can imply things that MAY be well beyond the true
situation. I think Matthew Miller's message[1] summarizes, very well, an
extreme position that can be implied from "We're still assessing the end-user
impact of the situation, but as a precaution, we recommend you not download or
update any additional packages on your Fedora systems"[2]. Also very little
in the related messages[3][4] has reduced the perceived likelihood that the
extreme position is wrong.
I think this could be calmed down (communication on _this_ sub-issue
COMPLETED) if Fedora/Red Hat could issue a statement indicating at least one of:
1) 'we have no reason to believe that THE private keys used to sign rpms have
been compromised.'
2) 'Look folks it was just a big hardware heading for the big sleep problem,
and the mirrors probably got a combination of rpms that would not be able to
resolve all the dependencies because of incomplete pushes from koji to
updates.' {we (users) already understand from [3] that there has been a
decision that as long as we are down, replace some old hardware. response:
cool faster stuff.}
3) 'updates released before ## MMM YYYY are not going to cause a problem.' or
'none of the updates will cause a security compromise problem, though some of
the dependencies may not be available, and thus have the possibility to cause
a security availability problem.'
[1] 'Re: important question about updates [was Re: Infrastructure status,
2008-08-19 UTC 0200]'
https://www.redhat.com/archives/fedora-list/2008-August/msg02048.html
BTW +1 on all Matthew said in [1].
[2] https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00008.html
[3] https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00009.html
[4] https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00011.html
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter