Important infrastructure announcement
Stephen John Smoogen
smooge at gmail.com
Fri Aug 15 13:50:31 UTC 2008
On Fri, Aug 15, 2008 at 6:57 AM, Danny Yee <danny at anatomy.usyd.edu.au> wrote:
> Richard Hughes wrote:
>> PackageKit will only allow automatic updates of signed packages. If
>> we're pumping out invalid signed updates then, well, meh.
>
> The implication of the announcement is that signed updates may be
> compromised (or possibly even the key). How else can we read this?
>
> "as a precaution, we recommend you not download or update
> any additional packages on your Fedora systems"
>
> Danny.
It could also be that the build system got a bad compiler installed
(or a compiler got corrupted) and the signed builds have had errors in
them. Not a security breach, but something that would cause problems.
Trying to find out where, which servers were affected, and how that
happened would be just as labor intensive.
Or it could be that NFS has been banging bits before the package gets
signed... or there was a zombie outbreak in PHX and they are chewing
on the wires...
--
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
More information about the fedora-devel-list
mailing list