Infrastructure report, 2008-08-22 UTC 1200
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Fri Aug 22 17:35:27 UTC 2008
Alexandre Dulaunoy wrote:
>
> Yep. Just wondering how the attacker retrieved the passphrase for Red Hat.
>
I am not sure they did retrieve the passphrase. It is possible that
the key was already unlocked by another process, and they managed to
sign a couple of packages in that time. (gpg-agent) I do not know
how easy it would be to grab the information to connect to a running
gpg-agent... from a new login.
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20080822/ac6ce515/attachment-0001.bin
More information about the users
mailing list