
Re: Infrastructure status, 2008-08-16 UTC 1530

Jeff Spaleta wrote, On 08/18/2008 02:15 PM:
> On Mon, Aug 18, 2008 at 8:27 AM, g <geleem bellsouth net> wrote:
>> anyone who is not subscribed to 'fedora-announce-list' have no one other
>> than themselves to blame for not being aware.
>>
>> fact that something such as this has happened, it would be best that all
>> who are not subscribed to 'fedora-announce-list', should do so.
>
> The specific current situation aside for a moment. As a Board member,
> I am interested in thinking about a better mechanism of communication
> of anything hoped to be seen by the entire community.
>
> I do not want to go into this too deeply until the current situation
> has been resolved. I do not want to be a distraction. But I think this
> is an area where someone could step up and provide some new code to
> make communicating important announcements easier.

I don't think new code is needed, the announcement occurred and has been duly
noted.  As geleem noted we need to watch the very low volume
fedora-announce-list or at least view its archive on a periodic basis, no big
deal on the tools to communicate being there, because they are.

The problem is not that communication did not happen.  The problem is that
Paul dropped a line which can imply things that MAY be well beyond the true
situation. I think Matthew Miller's message[1] summarizes, very well, an
extreme position that can be implied from "We're still assessing the end-user
impact of the situation, but as a precaution, we recommend you not download or
update any additional packages on your Fedora systems"[2].  Also very little
in the related messages[3][4] has reduced the perceived likelihood that the
extreme position is wrong.

I think this could be calmed down (communication on _this_ sub-issue
COMPLETED) if Fedora/Red Hat could issue a statement indicating at least one of:
1) 'we have no reason to believe that THE private keys used to sign rpms have
been compromised.'
2) 'Look folks it was just a big hardware heading for the big sleep problem,
and the mirrors probably got a combination of rpms that would not be able to
resolve all the dependencies because of incomplete pushes from koji to
updates.' {we (users) already understand from [3] that there has been a decision that as long as we are down, replace some old hardware. response: cool faster stuff.}
3) 'updates released before ## MMM YYYY are not going to cause a problem.' or
'none of the updates will cause a security compromise problem, though some of
the dependencies may not be available, and thus have the possibility to cause
a security availability problem.'

[1] 'Re: important question about updates [was Re: Infrastructure status,
2008-08-19 UTC 0200]'
BTW +1 on all Matthew said in [1].

[2] https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00008.html

[3] https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00009.html
[4] https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00011.html

Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
