
Same problem, different perceptions

Posted Sep 11, 2008 20:16 UTC (Thu) by jake (editor, #205)
In reply to: Same problem, different perceptions by quaid
Parent article: Fedora distributes new keys

> I think you showed (and identified) your personal bias that the existence
> of Red Hat in Fedora's affairs makes Fedora less of a community distro.

My use of "community" was not really describing what I meant. "Independent" is a much better word and the one I used in the article. I did not mean to push the hot button that Fedora folks have (understandably) about being a "community" distribution.

> if you believe "... it comes from red hat legal or at least that is the
> perception", you continue to look for answers that implicate an Evil
> Overlord.

I, like most folks, don't know what to believe. Someone is stopping you (perhaps not you personally, but Fedora) from telling us important things like whether you know how the intrusion happened. Whoever is doing that has done a grave disservice to the reputation of Fedora and Red Hat.

You, and others, have implied that it is some kind of law enforcement agency, perhaps even a National Security Letter, that is stopping *any* information from being released. If so, one hopes that Red Hat's lawyers are busy doing whatever they can to circumvent that. Fedora and Red Hat have a responsibility to their customers and the community that is being set aside.

It's not that folks don't understand that Fedora cannot say any more than it has, it's that they fairly strongly believe that more could be said without jeopardizing whatever ongoing investigation there is. While we eventually want to know what all the hubbub is about, what we want to know *now*, nearly a month after the incident, is what, if anything, we need to be on the lookout for. If there is some unknown exploit out there, many eyes are more likely to find it than one. If there isn't, then someone should force the entity responsible to *say* so.

jake



Same problem, different perceptions

Posted Sep 11, 2008 20:38 UTC (Thu) by pr1268 (subscriber, #24648)

Very well said! And I'd also like to thank you, Jake, for participating in this discussion.

Even as a non-RH/Fedora user, I'm still following this whole story closely as the incident, its aftermath, and RH's/Fedora's corrective strategies all impact Free/Open Source in general.

Same problem, different perceptions

Posted Sep 11, 2008 20:51 UTC (Thu) by skvidal (subscriber, #3094)

I'll quote, again, from the announcement from 8/22:

"These efforts have also not resulted in the discovery of additional security vulnerabilities in packages provided by Fedora."

and then I'll quote from my own blog:
"Just to dispel this concern. Every package we (fedora infrastructure) have installed or updated on a system since the incident occurred is public and available."

Hope this helps.

Same problem, different perceptions

Posted Sep 11, 2008 21:08 UTC (Thu) by jake (editor, #205)

> "These efforts have also not resulted in the discovery of additional
> security vulnerabilities in packages provided by Fedora."

Which can be read several different ways:

- we don't know how the intrusion occurred
- we do know, but it wasn't an "additional security vulnerability" in a package that Fedora ships, which leaves packages that Fedora doesn't ship as well as known, but unpatched, vulnerabilities
- probably other interpretations depending on what the meaning of "is" is

I know you are trying to be helpful and you folks don't like this any more than I do, but after almost a month, I think we are due more than lawyer-ese like the above.

jake
