On Fri, Aug 22, 2008 at 6:08 PM, Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> wrote: >> The RHEL signing keys have, however, been used by an unauthorized >> party to sign unauthorized packages. Some people would say that that >> qualified as "compromised" on any reasonable definition. > > Yes but if it requires physical access, there is no need to generate a new > key. There are bogus packages already signed and quite possibly out in the wild ... what do you mean there's no need to generate a new key? Cheers, Miles -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list