Re: Infrastructure report, 2008-08-22 UTC 1200

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Miles Sabin írta:

Signing is a thing, distributing a signed package through the official ways
is another. The latter didn't happen as we know.

We know nothing of the sort. In fact the RH announcement suggests
exactly the opposite ... why else distribute a script to check for
compromised RHEL packages?

Because there are people who update their systems with "gotten" packages (without subscription). If one of them downloads a malicious package form somewhere, the attacker wins.

--
BÉRES László  RHCE, RHCX   senior IT engineer, trainer
Red Hat, Fedora, CentOS, SELinux:  http://sys-admin.hu

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux