Re: Infrastructure status, 2008-08-19 UTC 0200

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Sat, 23 Aug 2008 16:16:55 +0200
schrieb Roger Grosswiler <roger@xxxxxxxx>:

> Am Sat, 23 Aug 2008 00:38:15 +0200
> schrieb Björn Persson <bjorn@xxxxxxxxxxxxxxxxxxxx>:
> 
> > Anne Wilson wrote:
> > > On Friday 22 August 2008 17:48:22 Tom Killian wrote:
> > > > >One of the compromised Fedora servers was a system used for
> > > > >signing Fedora packages. However, based on our efforts, we have
> > > > >high confidence that the intruder was not able to capture the
> > > > >passphrase used to secure the Fedora package signing key. Based
> > > > >on our review to date, the passphrase was not used during the
> > > > >time of the intrusion on the system and the passphrase is not
> > > > >stored on any of the Fedora servers.
> > > >
> > > > Hmm, sounds like the passphrase is safe, but the
> > > > passphrase-encrypted private key is in the hands of the bad
> > > > guys, a good reason to revoke the key.
> > >
> > > That is not at all what was said.  The 'bad guy' intruded into the
> > > system. At no time did he use the passphrase - as has been
> > > verified.  I can think of no reason for him not to do so if he had
> > > got the private key.  The FUD on this list is unbelievable.
> > 
> > Tom is right. What the announcement says is that we must assume that
> > the intruder has the key but he probably can't use it. The key is
> > encrypted with a passphrase and the intruder had no way of finding
> > out the passphrase. The key therefore needs to be changed but
> > there's no need to panic.
> > 
> > Björn Persson
> 
> ok, but is it also on fedora, with openssh-issue? Or how could we now
> find out, if our systems are compromised too?
> 
> Roger
> 
ah yes, and do we also expect, that packages to new install do have
that problem too?

I mean, i would like to try kde, but am not sure to get compromised
packages there...

Roger

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux