Infrastructure report, 2008-08-22 UTC 1200

Anders Karlsson anders at trudheim.co.uk
Sun Aug 24 18:52:13 UTC 2008


* Miles Sabin <miles at milessabin.com> [20080824 19:02]:
> On Sun, Aug 24, 2008 at 5:21 PM, Anders Karlsson <anders at trudheim.co.uk> wrote:
> > * Miles Sabin <miles at milessabin.com> [20080824 16:39]:
> >> We know nothing of the sort. In fact the RH announcement suggests
> >> exactly the opposite ... why else distribute a script to check for
> >> compromised RHEL packages?
> >
> > Because some people don't exclusively use RHN ?
> 
> And that matters because?

Right - so you have no idea how RHEL updates are distributed, or about
RHEL infrastructure, yet you quite happily will draw conclusions which
ever way takes your fancy?

If you are a paying Red Hat customer, call your support representative
and *ask* them rather than wildly speculate on the list. You admit
that you do not have enough facts to draw conclusions, and then
immediately proceed to draw conclusions..? What gives?

Re-read http://www.redhat.com/security/data/openssh-blacklist.html and
take your time with it.

"We are issuing this alert primarily for those who may obtain Red Hat
binary packages via channels other than those of official Red Hat
subscribers."

Do you now see the reason for the script?

/Anders




More information about the fedora-list mailing list