Infrastructure report, 2008-08-22 UTC 1200
Miles Sabin
miles at milessabin.com
Fri Aug 22 17:13:01 UTC 2008
On Fri, Aug 22, 2008 at 6:08 PM, Rahul Sundaram
<sundaram at fedoraproject.org> wrote:
>> The RHEL signing keys have, however, been used by an unauthorized
>> party to sign unauthorized packages. Some people would say that that
>> qualified as "compromised" on any reasonable definition.
>
> Yes but if it requires physical access, there is no need to generate a new
> key.
There are bogus packages already signed and quite possibly out in the
wild ... what do you mean there's no need to generate a new key?
Cheers,
Miles
More information about the users
mailing list