Re: Infrastructure report, 2008-08-22 UTC 1200

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Miles Sabin wrote:
On Fri, Aug 22, 2008 at 6:08 PM, Rahul Sundaram
wrote:
The RHEL signing keys have, however, been used by an unauthorized
party to sign unauthorized packages. Some people would say that that
qualified as "compromised" on any reasonable definition.
Yes but if it requires physical access, there is no need to generate a new
key.

There are bogus packages already signed and quite possibly out in the
wild ... what do you mean there's no need to generate a new key?

All I would say it really depends on the setup and I gave you a link earlier with some details. Besides this is primarily a Fedora announcement. RHEL details are elsewhere.

Rahul

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux