Re: Infrastructure report, 2008-08-22 UTC 1200

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Aug 24, 2008 at 03:39:05PM +0100, Miles Sabin wrote:
> On Fri, Aug 22, 2008 at 7:39 PM, Laszlo BERES <beres.laszlo@xxxxxxxxxxxx> wrote:
> > Miles Sabin wrote:
> >> The RHEL signing keys have, however, been used by an unauthorized
> >> party to sign unauthorized packages. Some people would say that that
> >> qualified as "compromised" on any reasonable definition.
> >
> > Signing is a thing, distributing a signed package through the official ways
> > is another. The latter didn't happen as we know.
> 
> We know nothing of the sort. In fact the RH announcement suggests
> exactly the opposite ... why else distribute a script to check for
> compromised RHEL packages?

Because even though they believe it wasn't distributed, they like to
play it safe, assume it was and provide some help detecting the bad
packages?

Oh my bad, they should probably just consider a blue sky scenario... ;)

-- 
All Hail Discordia!
Today is Sweetmorn, the 17th day of Bureaucracy in the YOLD 3174
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux