Re: Infrastructure report, 2008-08-22 UTC 1200

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2008/8/22 Michael J Gruber <michaeljgruber+gmane@xxxxxxxxxxx>:

> - Fedora's key will be changed, not RHEL's, which has been compromised.
> - High security private keys are best kept in bare metal and used on
> boxes without incoming network. This doesn't seem to apply to the
> package signing keys.

We don't know that the RHEL key has been compromised; perhaps dodgy
packages were fed to a signing mechanism that was not directly
accessible to the attacker (and maybe they detected the intrusion
because someone noticed something fishy about the packages they were
signing?) .... we don't know the full story. Maybe RHEL will have
updated keys distributed via RHN. *shrug*

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux