non-disclosure of infrastructure problem a management issue?

Craig White craigwhite at azapple.com
Mon Aug 25 04:38:18 UTC 2008


On Sun, 2008-08-24 at 15:15 -0600, Frank Cox wrote:
> On Sun, 24 Aug 2008 14:09:53 -0700
> Craig White <craigwhite at azapple.com> wrote:
> 
> 
> > just curious Frank...if you don't trust Fedora Project people to do the
> > right thing, why are you installing it on any of your computers?
> 
> I've been using it for some time and it generally works quite well.
> 
> I'm currently engaged in a debate regarding the appropriate level of
> disclosure that should be undertaken in view of an apparent security breach.
> 
> My hope is that my contribution to this debate will be beneficial and help to
> provide guidance to the community when formulating an appropriate response to
> the current and any future situations.
> 
> Thanks for asking.
----
There are circles where my opinion doesn't count and undoubtedly, this
is one of them. Given that Fedora relies upon Red Hat servers for these
things, it's not completely a community issue - in fact, it's clear that
Red Hat has their own interests which trump Fedora's interests.

Of course the Fedora Project board members are the first line of
thought/responsibility for Fedora Project interests and there is a
symbiotic relationship with Red Hat.

I suppose you can drive the debate as long or as far as you wish but as
someone who once had some boxes compromised (a long time ago before I
fully understood firewalls), there's a lot of things to deal with and
informing clients - especially when the full extent is unknown - is not a
terribly attractive prospect and definitely lower on the priority scale
than auditing the problem and obviously fixing the problem.

Craig



