Bjørn Tore Sund wrote: > One thing this > incident has taught us is to take regular backups of that mirror so that we > can roll back to a non-suspect version of the Fedora updates. Didn't have > that before, really missed it the last couple of weeks. How far would you have rolled it back? During the whole time that the Fedora repositories were suspect there was no information whatsoever on how old packages would have to be to be non-suspect. And while the infrastructure team either knew or suspected the whole time that the issue they were investigating was an intrusion, it probably did take some time before they knew how long the intrusion had been going on. Björn Persson
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
