On Fri, Aug 22, 2008 at 7:39 PM, Laszlo BERES <beres.laszlo@xxxxxxxxxxxx> wrote: > Miles Sabin wrote: >> The RHEL signing keys have, however, been used by an unauthorized >> party to sign unauthorized packages. Some people would say that that >> qualified as "compromised" on any reasonable definition. > > Signing is a thing, distributing a signed package through the official ways > is another. The latter didn't happen as we know. We know nothing of the sort. In fact the RH announcement suggests exactly the opposite ... why else distribute a script to check for compromised RHEL packages? Cheers, Miles -- Miles Sabin tel: +44 (0)1273 720 779 mobile: +44 (0)7813 944 528 skype: milessabin -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list