non-disclosure of infrastructure problem a management issue?

[Bruno Wolff III]

On Sun, Aug 24, 2008 at 11:15:26 -0400,
  max <maximilianbianco at gmail.com> wrote:
> out and said so. The only reason not to come out and say so boiled down  
> to a handful of things. An ongoing investigation and/or uncertainty  
> about what had happened. If you and others want to insist that it was  

And neither of those two reason provide good cause as to not notifying
the community that there was an intrusion, that the extent of the damage
was unknown, that the extent of the damage was being investigated and that
until further information becomes available it would be prudent not to
updates packages without good cause.

> just not wanting to own up to the incident then I have to assume you  
> don't trust the Fedora Project. If you don't trust it then why use the  

The way the incident was handled doesn't inspire trust. Lot's of other things
the project does though.

> satisfaction. The only thing that's been made clear is that the Fedora  
> Project has a number of users who take it for granted.

Or, alternatively a project that takes its community for granted.

> Once again we don't know the constraints imposed on them. Some are  
> certainly caused by legal issues and what remains an on going  

If they had legal constraints on them for some reason, then I would expect
that later they would explain what those constraints were and what they
were going to do to make sure they weren't under them in the future.

> don't have all the facts. The more important point is that you have used  
> half the facts to indict Paul Frields. I am willing to concede that you  

Even if Paul could not have done more in this case, because he was legally
handcuffed, there is still a problem. This is supposed to be a community
distribution and there should have been more information provided to
the community in a timely manner. This should be fixed for the next time
something like this happens.