On Sun, Aug 24, 2008 at 03:39:05PM +0100, Miles Sabin wrote: > On Fri, Aug 22, 2008 at 7:39 PM, Laszlo BERES <beres.laszlo@xxxxxxxxxxxx> wrote: > > Miles Sabin wrote: > >> The RHEL signing keys have, however, been used by an unauthorized > >> party to sign unauthorized packages. Some people would say that that > >> qualified as "compromised" on any reasonable definition. > > > > Signing is a thing, distributing a signed package through the official ways > > is another. The latter didn't happen as we know. > > We know nothing of the sort. In fact the RH announcement suggests > exactly the opposite ... why else distribute a script to check for > compromised RHEL packages? Because even though they believe it wasn't distributed, they like to play it safe, assume it was and provide some help detecting the bad packages? Oh my bad, they should probably just consider a blue sky scenario... ;) -- All Hail Discordia! Today is Sweetmorn, the 17th day of Bureaucracy in the YOLD 3174 + No matter how much you do, you never do enough -- unknown + Whatever you do will be insignificant, | but it is very important that you do it -- Gandhi + So let's do it...? -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
