
Re: debian services and responsibility

> If I were DPL, I'd have been on the phone to brainfood within minutes of
> hearing that there was a possible incident.
> Hopefully Brainfood has been in touch with Ben to apprise him of the
> situation.  I can understand Brainfood's unwillingness to speculate to
> the entire developer community about what's going on, especially given
> the possibility that the security incident could have been caused by a
> Debian developer.  At least for the first several hours following the
> port lockdown, I'd say it's reasonable to guess that Brainfood didn't
> have a complete picture of the compromise yet.  It can take quite a bit
> of time to diagnose these things.
> But the DPL -- at the very least -- should be in the loop.  Sponsoring
> sites provide resources of tremendous value to Debian, but it is
> unacceptable for a vendor to unilaterally terminate services for an
> indefinite period without adequate explanation.  Hopefully, Ben is in
> the loop on this issue and it's being handled in a way that I'd be
> comfortable with were I in his shoes.

Brainfood has not been in touch with me. I would hope that they have
been in touch with Debian Admins to a more detailed extent (even if they
talk to me, I can't do anything but relay to debian-admin anyway).


/       Ben Collins    --    Debian GNU/Linux    --    WatchGuard.com      \
`          bcollins@debian.org   --   Ben.Collins@watchguard.com           '
