> If I were DPL, I'd have been on the phone to brainfood within minutes of > hearing that there was a possible incident. > > Hopefully Brainfood has been in touch with Ben to apprise him of the > situation. I can understand Brainfood's unwillingness to speculate to > the entire developer community about what's going on, especially given > the possibility that the security incident could have been caused by a > Debian developer. At least for the first several hours following the > port lockdown, I'd say it's reasonable to guess that Brainfood didn't > have a complete picture of the compromise yet. It can take quite a bit > of time to diagnose these things. > > But the DPL -- at the very least -- should be in the loop. Sponsoring > sites provide resources of tremendous value to Debian, but it is > unacceptable for a vendor to unilaterally terminate services for an > indefinite period without adequate explanation. Hopefully, Ben is in > the loop on this issue and it's being handled in a way that I'd be > comfortable with were I in his shoes.
Brainfood has not been in touch with me. I would hope that they have been in touch with Debian Admins to a more detailed extent (even if they talk to me, I can't do anything but relay to debian-admin anyway). Ben -- .----------=======-=-======-=========-----------=====------------=-=-----. / Ben Collins -- Debian GNU/Linux -- WatchGuard.com \ ` [EMAIL PROTECTED] -- [EMAIL PROTECTED] ' `---=========------=======-------------=-=-----=-===-======-------=--=---'
