Re: Infrastructure report, 2008-08-22 UTC 1200

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Laszlo BERES wrote:
Miles Sabin wrote:

The RHEL signing keys have, however, been used by an unauthorized
party to sign unauthorized packages. Some people would say that that
qualified as "compromised" on any reasonable definition.

Signing is a thing, distributing a signed package through the official ways is another. The latter didn't happen as we know.

But we do know that a large number of DNS servers are still vulnerable to spoofing. How do you know that what you think was an official mirror delivering your rpm update wasn't an imposter, spoofed in DNS.

--
  Les Mikesell
    lesmikesell@xxxxxxxxx



--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux