Infrastructure report, 2008-08-22 UTC 1200
Rui Miguel Silva Seabra
rms at 1407.org
Sun Aug 24 14:47:20 UTC 2008
On Sun, Aug 24, 2008 at 03:39:05PM +0100, Miles Sabin wrote:
> On Fri, Aug 22, 2008 at 7:39 PM, Laszlo BERES <beres.laszlo at sys-admin.hu> wrote:
> > Miles Sabin wrote:
> >> The RHEL signing keys have, however, been used by an unauthorized
> >> party to sign unauthorized packages. Some people would say that that
> >> qualified as "compromised" on any reasonable definition.
> >
> > Signing is a thing, distributing a signed package through the official ways
> > is another. The latter didn't happen as we know.
>
> We know nothing of the sort. In fact the RH announcement suggests
> exactly the opposite ... why else distribute a script to check for
> compromised RHEL packages?
Because even though they believe it wasn't distributed, they like to
play it safe, assume it was and provide some help detecting the bad
packages?
Oh my bad, they should probably just consider a blue sky scenario... ;)
--
All Hail Discordia!
Today is Sweetmorn, the 17th day of Bureaucracy in the YOLD 3174
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?
More information about the fedora-list
mailing list