Quoting Bill Davidsen <davidsen@xxxxxxx>:

> As noted, the detail I would have liked was to know if this was a
> failure of system security or a failure of misplaced trust. If there is
> a hole in their server system security it's likely to be in ours as
> well.
>
> And if someone could say with certainty that packages downloaded before
> {date} were safe, it would be more reassuring than "there is little
> risk to Fedora users who wish to install or upgrade signed Fedora
> packages." If the start date of the problem is known, that would be
> really good information for people who keep a local repository and
> don't have to upgrade every new install totally over the network.

Well, I know someone on this list said I should feel safe in upgrading
my F6 box to F9. I don't know if that answers your questions or not.

That being said, I think I'll wait until F10 or until fresh ISO images
come out. Despite the fact that my only installation is a single,
personal box, I don't want to risk getting hacked because someone
*may* have gotten some bogus packages into the system and/or
compromised the signing key for Fedora.

Unless/until someone from Fedora says "It is safe to install Fedora 9
from the original ISO images distributed when F9 was released" I am
not going to trust that they are safe.
--
fedora-list mailing list
fedora-list@xxxxxxxxxx