On Thu, Sep 18, 2008 at 2:35 PM, Rahul Sundaram <[EMAIL PROTECTED]> wrote: > Sriram Narayanan wrote: > I feel that the Fedora and Redhat >> organizations should step in as early as possibly with a public >> statement on the various accusations being levelled at them > > Perhaps but people should also realize that sometimes a organization is > limited in what it can say. In part, as announced this is a ongoing > investigation. >
Ack. I understand that. All I'd expect in such a case is a statement on the fedora website that comes to the viewer's attention, something to the effect of "Status update: Vulnerability assessment in progress". > http://lwn.net/Articles/295150/ > > Fedora has send half a dozen announcements already as I pointed out. > > http://plug.org.in/pipermail/plug-mail/2008-September/004932.html > > Red Hat has send a errata as well. > And persons such as myself have seen all this. Only, > The accusations are being thrown out from people with an agenda. The > details are lost in the noise. > I'd actually dare to say +1 to the above ! >> "New SSH Fingerprints" is all that's mentioned at the top at that wiki >> page. A more attention-grabbing line would have come to attention >> earlier :) > > Maybe you are not seeing this but there is a link to > > https://fedoraproject.org/wiki/Enabling_new_signing_key > To repeat: Perception is different from reality. One may need to use new keys for a variety of reasons, which may be different from an illegal breach of security. It is this security breach and the resulting actions which needs to be highlighted. > Other details are covered within the announcements send to the list. > Note that you don't have to do *anything* at all for the new signing key > as yum will automatically prompt you and switch you over and you will > automatically start getting packages signed with this key. So end users > are not required to read the technical information just to get new updates. > This is very useful indeed. I wish the Fedora Project luck. As a member of the Belenix community, I compete with Fedora, but it has it's place and has played a good role in helpingwith Linux adoption. > Rahul > > -- > ______________________________________________________________________ > Pune GNU/Linux Users Group Mailing List: (plug-mail@plug.org.in) > List Information: http://plug.org.in/cgi-bin/mailman/listinfo/plug-mail > Send 'help' to [EMAIL PROTECTED] for mailing instructions. > -- ______________________________________________________________________ Pune GNU/Linux Users Group Mailing List: (plug-mail@plug.org.in) List Information: http://plug.org.in/cgi-bin/mailman/listinfo/plug-mail Send 'help' to [EMAIL PROTECTED] for mailing instructions.