Author: Mike Bird
Date:
To: dng
Subject: Re: [DNG] Fwd: April's fools mess

On Mon April 1 2019 12:44:05 Antony Stone wrote:
> No, I have complied with my country's laws regarding personal data
> protection and taken "appropriate technical and organisational measures" to
> ensure the security of the systems.

You do not seem to understand security. Once there is the possibility
of an attack the security of the system has to be proven or rebuilt.
Usually this entails locking out the attacker, generating all new
security tokens and keys, wiping, and rebuilding from trusted source.

An email claiming it was all a joke does nothing to prove the system
secure even if it happens to be true. It could equally well be false.

Similarly Evilham's suggestion of a future offline "discussion" is
too little too late.

Maybe the prankster/attacker left another easter egg or a backdoor.
Maybe he stole keys. Maybe a black hat snuck in while the prankster
was messing around. Maybe nothing at all bad happened.

You can't entrust other people's credit cards to "maybe".

And certainly the prankster cannot henceforth be trusted with
privileged access to any systems.

But don't believe me. Talk to your lawyers.

I was just hoping the surviving Devuan four would take responsibility
for fixing things before I have to invest a few months in moving
a lot of systems to a different distro. But as time passes with no
action it's looking increasingly as if they have no interest in
keeping Devuan viable.