non-disclosure of infrastructure problem a management issue?

Rahul Sundaram sundaram at fedoraproject.org
Fri Aug 22 23:10:06 UTC 2008


Björn Persson wrote:
> On Friday, 22 August 2008, Tim wrote:
>> On Fri, 2008-08-22 at 16:08 +0100, Anne Wilson wrote:
>>> There was an intrusion, and it affected the server which signs
>>> packages, hence the warning to hold off until tests had been done.
>> They really should have said something more like that, first off.
> 
> I agree. I can't see any reason why they couldn't have said the following a 
> week ago:
> 
> "We suspect that some Fedora servers may have been illegally accessed. We are 
> working to analyze the intrusion and the extent of the compromise. Right now 
> we can't rule out the possibility that there may be tampered packages on the 
> mirrors, so as a precaution we recommend you not download or update any 
> additional packages on your Fedora systems. The investigation may result in 
> service outages, for which we apologize in advance."

https://www.redhat.com/archives/fedora-advisory-board/2008-August/msg00088.html

Rahul



