Infrastructure status, 2008-08-19 UTC 0200
Anne Wilson
cannewilson at googlemail.com
Fri Aug 22 22:10:48 UTC 2008
On Friday 22 August 2008 17:48:22 Tom Killian wrote:
> >One of the compromised Fedora servers was a system used for signing
> >Fedora packages. However, based on our efforts, we have high confidence
> >that the intruder was not able to capture the passphrase used to secure
> >the Fedora package signing key. Based on our review to date, the
> >passphrase was not used during the time of the intrusion on the system
> >and the passphrase is not stored on any of the Fedora servers.
>
> Hmm, sounds like the passphrase is safe, but the passphrase-encrypted
> private key is in the hands of the bad guys, a good reason to revoke
> the key.
That is not at all what was said. The 'bad guy' intruded into the system. At
no time did he use the passphrase - as has been verified. I can think of no
reason for him not to do so if he had got the private key. The FUD on this
list is unbelievable.
Anne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20080822/e8a7d5b6/attachment-0001.sig>
More information about the fedora-list
mailing list