On Friday 22 August 2008 17:48:22 Tom Killian wrote: > >One of the compromised Fedora servers was a system used for signing > >Fedora packages. However, based on our efforts, we have high confidence > >that the intruder was not able to capture the passphrase used to secure > >the Fedora package signing key. Based on our review to date, the > >passphrase was not used during the time of the intrusion on the system > >and the passphrase is not stored on any of the Fedora servers. > > Hmm, sounds like the passphrase is safe, but the passphrase-encrypted > private key is in the hands of the bad guys, a good reason to revoke > the key. That is not at all what was said. The 'bad guy' intruded into the system. At no time did he use the passphrase - as has been verified. I can think of no reason for him not to do so if he had got the private key. The FUD on this list is unbelievable. Anne
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
