Infrastructure report, 2008-08-22 UTC 1200

Laszlo BERES beres.laszlo at sys-admin.hu
Sun Aug 24 19:36:13 UTC 2008


Miles Sabin wrote:

>> Signing is a thing, distributing a signed package through the official ways
>> is another. The latter didn't happen as we know.
> 
> We know nothing of the sort. In fact the RH announcement suggests
> exactly the opposite ... why else distribute a script to check for
> compromised RHEL packages?

Because there are people who update their systems with "gotten" packages 
(without subscription). If one of them downloads a malicious package 
from somewhere, the attacker wins.

-- 
BÉRES László  RHCE, RHCX   senior IT engineer, trainer
Red Hat, Fedora, CentOS, SELinux:  http://sys-admin.hu




More information about the fedora-list mailing list