non-disclosure of infrastructure problem a management issue?

Björn Persson bjorn at xn--rombobjrn-67a.se
Sun Aug 24 18:20:50 UTC 2008


max wrote:
> If you and others want to insist that it was
> just not wanting to own up to the incident

It doesn't seem likely that that was the reason. If they didn't want to admit 
that there had been an intrusion, then I don't think they would have sent out 
any warning at all. They did try to get a warning out, but they didn't want 
to say that it was about security. I don't know if they thought that 
everybody would be able to read between the lines, or if they thought that 
people wouldn't understand but would stop updating without knowing why, but 
either way I don't understand why they didn't tell us clearly what it was 
they were trying to warn us about.

> then I have to assume you 
> don't trust the Fedora Project.

I did trust the Fedora project. Now I'm not so sure anymore.

> The only thing that's been made clear is that the Fedora
> Project has a number of users who take it for granted.

Take what for granted? The Fedora project's existence? Its security? Its 
openness? Yes, maybe I did take its openness for granted. There's been a lot 
of talk about openness and having the community involved on equal terms. I 
guess I believed it.

> > Can you answer the opposite question: Why the cryptic message? Can you
> > think of a rational reason to avoid the word "security"? Something more
> > concrete than just "legal issues"?
>
> Once again we don't know the constraints imposed on them. Some are
> certainly caused by legal issues and what remains an ongoing
> investigation. Your opinion of US law is irrelevant, I've had my issues
> with it before as well but the law is the law. The point is that we
> don't have all the facts.

In other words, no, you can't think of a plausible reason either.

> The more important point is that you have used 
> half the facts to indict Paul Frields.

I have not accused Paul Frields of a crime. I pointed out that the extreme 
vagueness of his announcements, which he claimed had the purpose of avoiding 
the impression that he wasn't truthful, actually had the opposite effect on 
me. That's a failure to some degree if his intentions were honest. It's not a 
crime. I have also left the possibility open that someone else may have given 
him orders.

I didn't use anywhere near half the facts. I used two facts: That the issue 
was a security issue, and that this was not clearly stated in the first 
announcement.

> you have rushed to judgement before a
> reasonable amount of time has been given to carry out the investigation.

This is not about how long the investigation takes. It's about the lack of the 
word "security" in the first announcement. I fully understand that the 
investigation takes time. It did not, however, take this long to find out 
that the issue was a security issue. If you think I'm complaining that the 
investigation takes too long, then you haven't read what I've written.

Björn Persson