:: Re: [DNG] Fwd: April's fools mess
Top Page
Delete this message
Reply to this message
Author: Antony Stone
Date:  
To: dng
Subject: Re: [DNG] Fwd: April's fools mess
On Monday 01 April 2019 at 22:12:45, Mike Bird wrote:

> An email claiming it was all a joke does nothing to prove the system
> secure even if it happens to be true.


It doesn't prove it to be secure, no, but it confirms that it's no less secure
than it was before the joke was perpetrated.

> It could equally well be false.


If KatolaZ's assertion that the whole thing was a joke of his is false, then
you may have a point.

I believe him.

> Maybe the prankster/attacker left another easter egg or a backdoor.


Given that the prankster is a core member with full access to the systems, he
could do this without making any public announcement of the fact, on 1st April
or otherwise.

He doesn't need to break in to anything to insert a backdoor. He has full
full access to everything Devuan. This was not an attack.

> And certainly the prankster cannot henceforth be trusted with
> privileged access to any systems.


You may not trust him. I think plenty of other people here do. They may not
be impressed by his sense of humour, but that's a different matter.

> I was just hoping the surviving Devuan four would take responsibility
> for fixing things


There's nothing to fix. There was no attack. Security has not been
compromised. If you don't believe that by now then you may as well...

> before I have to invest a few months in moving a lot of systems to a
> different distro.


Your choice. What makes you think *their* system admins haven't planted
backdoors into their servers, but done it on March 1st, for example, and
without any announcement, instead of April 1st?

> But as time passes with no action it's looking increasingly as if they have
> no interest in keeping Devuan viable.


I repeat something I said earlier in this thread:

"You're totally over-reacting, in my opinion.

If this incident has made you distrust the Devuan project, you're probably
better off using a different distro."

I do wonder, though, what criteria you would use to trust another distro if
you can't tell the difference between a security breach and a joke in poor
taste.


Antony.

--
Wanted: telepath. You know where to apply.

                                                   Please reply to the list;
                                                         please *don't* CC me.