Important infrastructure announcement
Leszek Matok
Lam at Lam.pl
Fri Aug 15 06:03:17 UTC 2008
Dnia 2008-08-15, o godz. 13:35:46 Danny Yee <danny at anatomy.usyd.edu.au>
napisał(a):
> Uh oh. This sounds very much like there's been a security breach
> on infrastructure systems, which may have compromised packages or
> even repositories.
>
> I've disabled automatic installation of updates for the moment;
> I'm sure what else we can do.
Actually, I think thousands of users are downloading at least the metadata
because there was no clear way of disabling PackageKit on update. And the
metadata, in theory, can exploit a bug in yum, all out of sight of users.
That's what you get when you force users to download things in the background
for them. Told ya!
Lam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20080815/46a74985/attachment.bin
More information about the devel
mailing list