LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

An update on Fedora's "issues"

An update on Fedora's "issues"

Posted Aug 16, 2008 22:16 UTC (Sat) by me@jasonclinton.com (subscriber, #52701)
In reply to: An update on Fedora's "issues" by ESRI
Parent article: An update on Fedora's "issues" 

We'll really just have to wait until they disclose what happened. If this turns out to be a
security issue, I don't think anyone will ever trust them again (given the lack of
disclosure). OTOH, it could just be failed hardware. Hard to tell without some actual
information.

(Log in to post comments)

An update on Fedora's "issues"

Posted Aug 17, 2008 0:35 UTC (Sun) by ofeeley (subscriber, #36105) [Link] 

That depends on what the security issue actually is and who is affected by it. Full disclosure
is attractive when I'm the one affected, but if the problem solely affects the Fedora Project
entity then they have a right to restrict information as they see fit.

However, it's pointless to speculate at this stage (and believe me I've been searching the
lists and bug-tickets for possible clues!) and may be something mundane involving running out
of resources for crucial infrastructure servers or completely broken packages being made
available for updates. It's hard to guess why such causes would not simply be stated as a
reason though.

An update on Fedora's "issues"

Posted Aug 17, 2008 14:14 UTC (Sun) by AlexHudson (guest, #41828) [Link] 

Full disclosure only works when you are able to disclose a work-around or some kind of other
fix. If you disclose and there's nothing (or only very painful solutions) that people can
implement, that's a pretty bad idea.

An update on Fedora's "issues"

Posted Aug 17, 2008 14:54 UTC (Sun) by jengelh (subscriber, #33263) [Link] 

>We'll really just have to wait until they disclose what happened. If this turns out to be a
security issue, I don't think anyone will ever trust them again (given the lack of
disclosure). OTOH, it could just be failed hardware. Hard to tell without some actual
information.

"Please don't update" with failed hardware? No, if the hardware failed they'd just let it go
("server is busted, please use a mirror"). This smells much like the Debian intrusion in July
2006.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds