
Re: Debian Investigation Report after Server Compromises



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Dec 03, 2003 at 01:58:11PM -0800, Vineet Kumar wrote:
> Sidestepping lawsuits from a million angry customers isn't really a
> "win".

You're right.  Which is why I really wish Bugtraq didn't wait around
before publishing their findings.  Customers have a right to know what
they got screwed into buying.

> If their customers can hear about a problem only when it's been fixed,
> it makes Microsoft look like the good guys: "Hey, by the way, we fixed
> this problem you didn't even know about."  If there's an exploit in the
> wild before a fix is available, the PHBs hear it on the local news
> first, which is not good.  It's not about lawsuits, it's just simple
> business sense -- you have to keep your customers happy.

Why not get it mostly right the first time?  This is the first
compromise of debian.org I've heard about, which says something.

- -- 
 .''`.     Paul Johnson <baloo@ursine.ca>
: :'  :    
`. `'`     proud Debian admin and user
  `-  Debian - when you have better things to do than fix a system
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/zpAnUzgNqloQMwcRAuL+AKCmWxBOaXovKd+9waICAPAMUjwMTACgu8cP
K3BjyadqsBU8CikJbdu5qIE=
=YJWN
-----END PGP SIGNATURE-----


