non-disclosure of infrastructure problem a management issue?

Michael Schwendt mschwendt at gmail.com
Mon Aug 25 10:11:05 UTC 2008


On Mon, 25 Aug 2008 18:42:03 +0930, Tim wrote:

> On Mon, 2008-08-25 at 03:11 -0700, Craig White wrote:
> > I fully expect that the reason that they took the system off-line 10
> > days ago was a clear indication of their doubt of the sanctity of the
> > packages and they didn't put it back online until they felt that they
> > knew the extent of the compromise.
> 
> We were all guessing about that sort of thing, because we had to.
> But a wonky system would be just as likely an explanation for why a server
> was offline, even for a prolonged period.  Yes, I know there's other
> risks, etc., but that warning was just bad.
> 
> Put the shoe on the other foot.  The infrastructure could have had a
> plain old fault and gone off-line, and we could have been speculating
> all over the place about security breaches, hacks, and been completely
> wrong.

In one of the announcements (or a reply to it) a detailed time line of the
incident was promised. Let's wait for the details! Fact is, however, they
discovered something -- they called it "issues" unfortunately -- and
decided it to be severe enough to take offline several servers. Most
interesting will be to learn what exactly they discovered and in which
order (at Fedora *and* Red Hat, either at once or independent from
each other, but in the same week). What evidence led to the decision to
switch off essential servers, but refer to it as just "issues"?



