On Wed May 14, 2008 at 20:11:32 +0100, Damian Brasher wrote:
> > Had the issue not been leaked to Debian unstable as it was we'd
> > probably have had a longer embargo, and more complete instructions
> > at the time the DSA was prepared.
> >
>
> Embargo is a good thing, there is never a good time to break bad news,
> enough time to ensure minimum damage is caused by the forthcoming news is
> always prudent IMO.
Indeed.
The biggest issue with embargo here was that had we had a longer
one we'd have had lists of instructions for regeneration of keys
for all affected services/software.
Now that's coming out in a mad rush and a lot of people are
delaying things even more by sending questions like "Is CFEngine
affected?" "How do I regenerate the automatic key included in
the GForge package". Had we had more time we could have had
cooked answers in advance..
Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/
