Signing for fedora-announce with fedora-list (was Infrastructure status, 2008-08-16 UTC 1530)
James Wilkinson
fedora at aprilcottage.co.uk
Thu Aug 21 21:37:36 UTC 2008
Bruno Wolff III wrote:
> What they did seems unreasonable to me. There is no reason I can think of
> that should have prevented them for explaining what was going on in general.
In
https://www.redhat.com/archives/fedora-advisory-board/2008-August/msg00078.html
Tom Callaway writes:
> Without being specific, know that your concerns have been heard, and are
> in the process of being addressed. Please don’t ask me for more details,
> it is not my place to give them.
>
> Thanks,
>
> Tom Callaway, Fedora Legal
That’s the first time on that list this year that Tom has signed himself
anything other than “~spot”. Now this may be because he was writing to a
non-board member, and wanted to explain who he was. Or he may have been
giving us a clue that there are legal reasons why Fedora is keeping
quiet.
I can think of two possibilities: either law enforcement has got
involved and arrests may be forthcoming, or Fedora became aware of a
problem through something like vendor-sec (a mailing list that various
distributors use to share information about vulnerabilities), and Fedora
is legally obliged to keep information to itself until other
distributors have had a chance to prepare and test security patches.
(Depending on the vulnerability, Fedora may feel that any clarification
of which part of the system was vulnerable would amount to disclosure to
someone with enough knowledge of the programs in question.)
And I suppose I should say that I have absolutely no way of knowing
whether my guesses are accurate.
James.
--
E-mail: james@ | ... clueless he is not. He's just selective about which
aprilcottage.co.uk | clues to pay attention to.
| -- Shmuel (Seymour J.) Metz
More information about the users
mailing list