>One of the compromised Fedora servers was a system used for signing >Fedora packages. However, based on our efforts, we have high confidence >that the intruder was not able to capture the passphrase used to secure >the Fedora package signing key. Based on our review to date, the >passphrase was not used during the time of the intrusion on the system >and the passphrase is not stored on any of the Fedora servers. Hmm, sounds like the passphrase is safe, but the passphrase-encrypted private key is in the hands of the bad guys, a good reason to revoke the key. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
