Infrastructure report, 2008-08-22 UTC 1200
Rahul Sundaram
sundaram at fedoraproject.org
Fri Aug 22 17:08:52 UTC 2008
Miles Sabin wrote:
> On Fri, Aug 22, 2008 at 5:44 PM, Rahul Sundaram
> wrote:
>> Michael J Gruber wrote:
>>
>>> - Fedora's key will be changed, not RHEL's, which has been compromised.
>> No indication of the latter. The setup is different. Refer
>>
>> http://www.awe.com/mark/blog/200701300906.html
>
> Only if you define "compromised" as possession of the unencrypted private key.
>
> The RHEL signing keys have, however, been used by an unauthorized
> party to sign unauthorized packages. Some people would say that that
> qualified as "compromised" on any reasonable definition.
Yes, but if it requires physical access, there is no need to generate a
new key.
> Incidentally, what does "with high probability" mean? Anything more
> than "we're pretty sure, but we can't really say how sure"?
Probably it means they don't have any reason to believe otherwise.
Rahul