Infrastructure status, 2008-08-19 UTC 0200
Tom Killian
tom.killian at gmail.com
Fri Aug 22 16:48:22 UTC 2008
>One of the compromised Fedora servers was a system used for signing
>Fedora packages. However, based on our efforts, we have high confidence
>that the intruder was not able to capture the passphrase used to secure
>the Fedora package signing key. Based on our review to date, the
>passphrase was not used during the time of the intrusion on the system
>and the passphrase is not stored on any of the Fedora servers.
Hmm, sounds like the passphrase is safe, but the passphrase-encrypted
private key is in the hands of the bad guys, a good reason to revoke
the key.
More information about the users
mailing list