security blankets (was Re: non-disclosure of infrastructure problem a management issue?)

Joel Rees joel.rees at gmail.com
Sun Aug 24 23:17:18 UTC 2008


>>
>> then I have to assume you
>> don't trust the Fedora Project.
>
> I did trust the Fedora project. Now I'm not so sure anymore.

Then who are you going to trust?

Uhm, no, I guess that's not the right question, it only reminds us  
that we want to stay with F/OSS.

Let me suggest to anyone who is still hot under the collar about the  
current situation, two things:

One, if you want to understand the appropriate level of paranoia, go  
spend a day working backwards through the openbsd archives. Try

http://marc.info/?l=openbsd-misc

That will be plenty interesting.

Two, if you've been paying attention to the news from more than a  
month ago, you should at least know there are active DNS exploits in  
the wild.

ACTIVE

DNS EXPLOITS

IN THE WILD

They haven't been shouting because it shouldn't be necessary. Under  
the circumstances, we should be significantly more paranoid and more  
cautious than we usually should be.

The original announcement should have been enough, even if it wasn't  
perfect.

Joel Rees



