LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Weirdness at CentOS

Weirdness at CentOS

Posted Jul 30, 2009 21:37 UTC (Thu) by jspaleta (subscriber, #50639)
In reply to: Weirdness at CentOS by BackSeat
Parent article: Weirdness at CentOS

So using this same logic.. you would applaud a company for continuing to tell customers everything is going swimmingly when it is in fact not? Hmm, that's interesting.

No comment or worse deliberately craft misinformation is better for a customer and a potential customer? If organizations don't talk about the problems and are doing their utmost to project a false facade how does anyone make accurate judgements as to confidence.

I think you and I have very different definitions of professionalism.

-jef

(Log in to post comments)

Weirdness at CentOS

Posted Jul 30, 2009 21:54 UTC (Thu) by sbergman27 (guest, #10767) [Link]

Disclosure is fine and expected. But they could certainly have done without all the "CentOS will die" stuff, Jef.

Plus the fact that all of this was avoidable with even minimal attention to policy. It's not like they haven't had over five years.

Although I must say that it is ironic that you would champion the cause of disclosure. Had any good "infrastructure issues" lately? :-)

Weirdness at CentOS

Posted Jul 30, 2009 22:44 UTC (Thu) by jspaleta (subscriber, #50639) [Link]

The statement regarding the conditions of the death of the project are factually correct. If the developers all walk away...the project folds.
Do you dispute that? It's not even hyperbole...its the truth. It's like stating that if the fusion process in the core of the sun stops..the sun will die. Its the truth. Knowing that, am I afraid that the sun will die anytime soon? I'm pretty confident that it will continue. Is it unprofessional of me as a former fusion researcher to point the fact that the Sun's fusion process is critical?

So here we have a large group of CentOS developers saying that the project depends on developers to continue. If the developers aren't happy and the developers walk away...that would be a significant problem. CentOS is run by volunteers and everyone should keep that in mind...especially those people..like yourself perhaps.. professional who are making a business of leveraging the volunteer work when selling services to customers...without contributing back to that effort.

I use CentOS at work. Am I concerned that the developers are going to enmasse up and quit. Nope. Will CentOS go through a re-branding and a domain name...maybe. The trademarked name CentOS might die but the developers will continue the work apace. And lets face it, CentOS doesn't have the strongest brand in the world. The people who are leveraging it are leveraging it because its compatible with RHEL...it really doesn't matter what its called.

And since you brought it up...I am very much a champion of disclosure. Are you not satisified with the final summary of information Paul put out over events?
https://www.redhat.com/archives/fedora-announce-list/2009...

Are you not satisfied with the follow-up effort to create and publicly publish an incident procedure that will be followed in the future?
http://infrastructure.fedoraproject.org/csi/security-poli...

If the only thing that leaves you unsatisfied is the explanation as to the delayed public disclosure due to an ongoing investigation I'm not going to be able convince you otherwise. You either accept that explanation or you do not. The new incident response procedure should help prevent unnecessary delays if this ever happens again.

-jef


Weirdness at CentOS

Posted Jul 31, 2009 2:16 UTC (Fri) by sbergman27 (guest, #10767) [Link]

"""
If the only thing that leaves you unsatisfied is the explanation as to the delayed public disclosure...
"""

Seven months delayed public disclosure. Sure, they had excuses in hand, carefully worded by Red Hat's PR department and approved by Red Hat Legal. But other distros, Debian for example, don't seem to have that "can't do" attitude exhibited by Fedora under similar circumstances, and don't seem to need the carefully worded excuses. And no, there is really no way to know if what was (finally) disclosed was the full truth. Any presumed confidence one might have had of that was lost sometime between August and March.

"""
...I'm not going to be able convince you otherwise.
"""

As long as there are such clear examples of other distros executing responsible and timely disclosure, in contrast to Fedora's behavior, I'm quite sure you won't. I guess we'll just have to see what happens next time Fedora's infrastructure gets hacked.

Weirdness at CentOS

Posted Jul 31, 2009 9:07 UTC (Fri) by marcH (subscriber, #57642) [Link]

> Disclosure is fine and expected. But they could certainly have done without all the "CentOS will die" stuff, Jef.

You cannot make the headlines without any keyword like "die", "sex", "war",...

Weirdness at CentOS

Posted Aug 1, 2009 9:58 UTC (Sat) by nix (subscriber, #2304) [Link]

It's a good thing LWN isn't a trashy tabloid. We'd see headlines line

UFO War on Fairer Sex --- Developers Driven Screaming into Sea

Weirdness at CentOS

Posted Aug 1, 2009 14:51 UTC (Sat) by sbergman27 (guest, #10767) [Link]

Yeah, what really irked me about that episode was that all the streaming video was in H.264. If even the OSS world defaults to proprietary codecs, does Theora have any chance at all?

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds