LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Weirdness at CentOS

Weirdness at CentOS

Posted Jul 30, 2009 22:44 UTC (Thu) by jspaleta (subscriber, #50639)
In reply to: Weirdness at CentOS by sbergman27
Parent article: Weirdness at CentOS

The statement regarding the conditions of the death of the project are factually correct. If the developers all walk away...the project folds.
Do you dispute that? It's not even hyperbole...its the truth. It's like stating that if the fusion process in the core of the sun stops..the sun will die. Its the truth. Knowing that, am I afraid that the sun will die anytime soon? I'm pretty confident that it will continue. Is it unprofessional of me as a former fusion researcher to point the fact that the Sun's fusion process is critical?

So here we have a large group of CentOS developers saying that the project depends on developers to continue. If the developers aren't happy and the developers walk away...that would be a significant problem. CentOS is run by volunteers and everyone should keep that in mind...especially those people..like yourself perhaps.. professional who are making a business of leveraging the volunteer work when selling services to customers...without contributing back to that effort.

I use CentOS at work. Am I concerned that the developers are going to enmasse up and quit. Nope. Will CentOS go through a re-branding and a domain name...maybe. The trademarked name CentOS might die but the developers will continue the work apace. And lets face it, CentOS doesn't have the strongest brand in the world. The people who are leveraging it are leveraging it because its compatible with RHEL...it really doesn't matter what its called.

And since you brought it up...I am very much a champion of disclosure. Are you not satisified with the final summary of information Paul put out over events?
https://www.redhat.com/archives/fedora-announce-list/2009...

Are you not satisfied with the follow-up effort to create and publicly publish an incident procedure that will be followed in the future?
http://infrastructure.fedoraproject.org/csi/security-poli...

If the only thing that leaves you unsatisfied is the explanation as to the delayed public disclosure due to an ongoing investigation I'm not going to be able convince you otherwise. You either accept that explanation or you do not. The new incident response procedure should help prevent unnecessary delays if this ever happens again.

-jef


(Log in to post comments)

Weirdness at CentOS

Posted Jul 31, 2009 2:16 UTC (Fri) by sbergman27 (guest, #10767) [Link]

"""
If the only thing that leaves you unsatisfied is the explanation as to the delayed public disclosure...
"""

Seven months delayed public disclosure. Sure, they had excuses in hand, carefully worded by Red Hat's PR department and approved by Red Hat Legal. But other distros, Debian for example, don't seem to have that "can't do" attitude exhibited by Fedora under similar circumstances, and don't seem to need the carefully worded excuses. And no, there is really no way to know if what was (finally) disclosed was the full truth. Any presumed confidence one might have had of that was lost sometime between August and March.

"""
...I'm not going to be able convince you otherwise.
"""

As long as there are such clear examples of other distros executing responsible and timely disclosure, in contrast to Fedora's behavior, I'm quite sure you won't. I guess we'll just have to see what happens next time Fedora's infrastructure gets hacked.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds