[PLUG] RedHat/Fedora Crisis

Sriram Narayanan sriramnrn at gmail.com
Thu Sep 18 02:40:06 PDT 2008


On Thu, Sep 18, 2008 at 2:35 PM, Rahul Sundaram
<sundaram at fedoraproject.org> wrote:
> Sriram Narayanan wrote:
> I feel that the Fedora and Redhat
>> organizations should step in as early as possibly with a public
>> statement on the various accusations being levelled at them
>
> Perhaps but people should also realize that sometimes a organization is
> limited in what it can say. In part, as announced this is a ongoing
> investigation.
>

Ack. I understand that. All I'd expect in such a case is a statement
on the fedora website that comes to the viewer's attention, something
to the effect of "Status update: Vulnerability assessment in
progress".


> http://lwn.net/Articles/295150/
>
> Fedora has send half a dozen announcements already as I pointed out.
>
> http://plug.org.in/pipermail/plug-mail/2008-September/004932.html
>
> Red Hat has send a errata as well.
>

And persons such as myself have seen all this. Only,

> The accusations are being thrown out from people with an agenda. The
> details are lost in the noise.
>

I'd actually dare to say +1 to the above !

>> "New SSH Fingerprints" is all that's mentioned at the top at that wiki
>> page. A more attention-grabbing line would have come to attention
>> earlier :)
>
> Maybe you are not seeing this but there is a link to
>
> https://fedoraproject.org/wiki/Enabling_new_signing_key
>

To repeat: Perception is different from reality. One may need to use
new keys for a variety of reasons, which may be different from an
illegal breach of security. It is this security breach and the
resulting actions which needs to be highlighted.

> Other details are covered within the announcements send to the list.
> Note that you don't have to do *anything* at all for the new signing key
> as yum will automatically prompt you and switch you over and you will
> automatically start getting packages signed with this key. So end users
> are not required to read the technical information just to get new updates.
>

This is very useful indeed.

I wish the Fedora Project luck. As a member of the Belenix community,
I compete with Fedora, but it has it's place and has played a good
role in helpingwith Linux adoption.

> Rahul
>
> --
> ______________________________________________________________________
> Pune GNU/Linux Users Group Mailing List:      (plug-mail at plug.org.in)
> List Information:  http://plug.org.in/cgi-bin/mailman/listinfo/plug-mail
> Send 'help' to plug-mail-request at plug.org.in for mailing instructions.
>



More information about the plug-mail mailing list