Re: No more Bugzilla for me

On 04/23/2009 04:57 AM, Kevin Kofler wrote:
> Chris Adams wrote:
>> I would expect "security paranoia" is in response to last year's
>> incident.  Things were pretty loose and easy before that, and look where
>> that got Fedora.
>
> That harmless intrusion (nothing actually got compromised in Fedora space,
> all the packages in the repo verified intact and there's no evidence of any
> malicious packages having been signed) got blown way out of proportion (too
> long downtime, too much secrecy, ...), more paranoia is exactly the
> opposite of what we need.
>
>          Kevin Kofler

I'm on the "forcing changing of passwords is not the best idea unless confirmed to be weak" side of things myself, but the security intrusion, had it not been detected, could have been disastrous, because the intruder injected a compromised rpm binary. It wasn't worse because it was caught in time, thank God.

I do not think Bugzilla passwords would help in that situation, anyway, though.

