Infrastructure report, 2008-08-22 UTC 1200
Laszlo BERES
beres.laszlo at sys-admin.hu
Sun Aug 24 19:36:13 UTC 2008
Miles Sabin wrote:
>> Signing is a thing, distributing a signed package through the official ways
>> is another. The latter didn't happen as we know.
>
> We know nothing of the sort. In fact the RH announcement suggests
> exactly the opposite ... why else distribute a script to check for
> compromised RHEL packages?
Because there are people who update their systems with "gotten" packages
(without subscription). If one of them downloads a malicious package
from somewhere, the attacker wins.
--
BÉRES László RHCE, RHCX senior IT engineer, trainer
Red Hat, Fedora, CentOS, SELinux: http://sys-admin.hu