non-disclosure of infrastructure problem a management issue?
Björn Persson
bjorn at xn--rombobjrn-67a.se
Sun Aug 24 18:20:50 UTC 2008
max wrote:
> If you and others want to insist that it was
> just not wanting to own up to the incident
It doesn't seem likely that that was the reason. If they didn't want to admit
that there had been an intrusion, then I don't think they would have sent out
any warning at all. They did try to get a warning out, but they didn't want
to say that it was about security. I don't know if they thought that
everybody would be able to read between the lines, or if they thought that
people wouldn't understand but would stop updating without knowing why, but
either way I don't understand why they didn't tell us clearly what it was
they were trying to warn us about.
> then I have to assume you
> don't trust the Fedora Project.
I did trust the Fedora project. Now I'm not so sure anymore.
> The only thing that's been made clear is that the Fedora
> Project has a number of users who take it for granted.
Take what for granted? The Fedora project's existence? Its security? Its
openness? Yes, maybe I did take its openness for granted. There's been a lot
of talk about openness and having the community involved on equal terms. I
guess I believed it.
> > Can you answer the opposite question: Why the cryptic message? Can you
> > think of a rational reason to avoid the word "security"? Something more
> > concrete than just "legal issues"?
>
> Once again we don't know the constraints imposed on them. Some are
> certainly caused by legal issues and what remains an ongoing
> investigation. Your opinion of US law is irrelevant, I've had my issues
> with it before as well but the law is the law. The point is that we
> don't have all the facts.
In other words, no, you can't think of a plausible reason either.
> The more important point is that you have used
> half the facts to indict Paul Frields.
I have not accused Paul Frields of a crime. I pointed out that the extreme
vagueness of his announcements, which he claimed had the purpose of avoiding
the impression that he wasn't truthful, actually had the opposite effect on
me. That's a failure to some degree if his intentions were honest. It's not a
crime. I have also left the possibility open that someone else may have given
him orders.
I didn't use anywhere near half the facts. I used two facts: That the issue
was a security issue, and that this was not clearly stated in the first
announcement.
> you have rushed to judgement before a
> reasonable amount of time has been given to carry out the investigation.
This is not about how long the investigation takes. It's about the lack of the
word "security" in the first announcement. I fully understand that the
investigation takes time. It did not, however, take this long to find out
that the issue was a security issue. If you think I'm complaining that the
investigation takes too long, then you haven't read what I've written.
Björn Persson