Infrastructure report, 2008-08-22 UTC 1200
Rahul Sundaram
sundaram at fedoraproject.org
Fri Aug 22 17:18:43 UTC 2008
Miles Sabin wrote:
> On Fri, Aug 22, 2008 at 6:08 PM, Rahul Sundaram
> wrote:
>>> The RHEL signing keys have, however, been used by an unauthorized
>>> party to sign unauthorized packages. Some people would say that that
>>> qualified as "compromised" on any reasonable definition.
>> Yes but if it requires physical access, there is no need to generate a new
>> key.
>
> There are bogus packages already signed and quite possibly out in the
> wild ... what do you mean there's no need to generate a new key?
All I would say it really depends on the setup and I gave you a link
earlier with some details. Besides this is primarily a Fedora
announcement. RHEL details are elsewhere.
Rahul
More information about the users
mailing list