Infrastructure report, 2008-08-22 UTC 1200
Miles Sabin
miles at milessabin.com
Fri Aug 22 16:59:06 UTC 2008
On Fri, Aug 22, 2008 at 5:44 PM, Rahul Sundaram
<sundaram at fedoraproject.org> wrote:
> Michael J Gruber wrote:
>
>> - Fedora's key will be changed, not RHEL's, which has been compromised.
>
> No indication of the latter. The setup is different. Refer
>
> http://www.awe.com/mark/blog/200701300906.html
Only if you define "compromised" as possession of the unencrypted private key.
The RHEL signing keys have, however, been used by an unauthorized
party to sign unauthorized packages. Some people would say that that
qualified as "compromised" on any reasonable definition.
Incidentally, what does "with high probability" mean? Anything more
than "we're pretty sure, but we can't really say how sure"?
Cheers,
Miles
More information about the fedora-list
mailing list