Infrastructure report, 2008-08-22 UTC 1200

Les Mikesell lesmikesell at gmail.com
Fri Aug 22 19:52:41 UTC 2008


Laszlo BERES wrote:
> Miles Sabin wrote:
> 
>> The RHEL signing keys have, however, been used by an unauthorized
>> party to sign unauthorized packages. Some people would say that that
>> qualified as "compromised" on any reasonable definition.
> 
> Signing is a thing, distributing a signed package through the official 
> ways is another. The latter didn't happen as we know.

But we do know that a large number of DNS servers are still vulnerable 
to spoofing.  How do you know that what you think was an official mirror 
delivering your rpm update wasn't an imposter, spoofed in DNS?

-- 
   Les Mikesell
     lesmikesell at gmail.com





