If Red Hat/Fedora's problem was linked to a bug or a problem in some code they've been distributing (for which fixed packages were not already available), sure they need to do full disclosure on it.
OTOH if the intrusion was linked to social engineering, system misconfiguration, publicly available updates not applied yet, or internal code/scripts/glue, sorry but it is none of the general public's business. Red Hat doesn't owe anyone external an explication on how they were caught with their pants down, as entertaining as it might be, as long as they're not pushing faulty pants to someone else (and fixed their setup).
That's the difference between "Ford sells A engines that go boom under B conditions" and "through B screwups the maintenance of C equipment was not done properly in the D Ford factory producing A engines, and it had to be shut down for emergency repairs".
So far all the messages we've seen point to the second scenario.
Debian's problems were quite different. It had widely distributed broken software, and had compromised the security of numerous third-party systems (the second part is true both for the SSL screwup and the server breach). So far there's no evidence the Red Hat incident has affected anything but Red Hat internal systems, and I don't doubt many people have checked this independently in the past month.
Posted Sep 11, 2008 20:35 UTC (Thu) by dlang (✭ supporter ✭, #313)
debian had a server compromise a year or so ago (related to a developer's keys being lost on another machine) and handled it in a much more open manner.
you are thinking of the wrong debian problem
Posted Sep 12, 2008 1:16 UTC (Fri) by nim-nim (subscriber, #34454)
This compromise led to keys to other systems being compromised. They *had* to handle it in a more open manner.