Misleading information

Rahul Sundaram sundaram at fedoraproject.org
Thu Apr 2 19:18:28 UTC 2009


Joshua C. wrote:
> Look at this article:
> http://www.fudzilla.com/index.php?option=com_content&task=view&id=12958&Itemid=1
> 
> It describes what happened in 2008 but it's not clear from the title.
> I know that journalist can write whatever they want but this is
> misleading information which is not up to date. The title should be "
> *** got hacked in 2008". Maybe someone from the "higher ranks" should
> officially demand better clarification in this writing.

"The hacker got access to the Fedora package signing key and used this
to create modified versions of OpenSSH and RPM that would allow access
to user passphrases on the build system to secure the package signing key."

All that is completely wrong as well. The reference to OpenSSH might be
a confusion with the Red Hat intrusion but the reference to RPM is just
totally made up.  CC'ing Paul Frields.

Rahul




More information about the fedora-list mailing list