non-disclosure of infrastructure problem a management issue?

Frank Cox theatre at sasktel.net
Mon Aug 25 05:07:13 UTC 2008


On Sun, 24 Aug 2008 23:18:03 -0500
Bruno Wolff III <bruno at wolff.to> wrote:

> I think the key stuff is out now. It has been stated that there does not
> appear to be any trojaned rpms for Fedora.

True.

> Some information on the attack vector could be useful.

I'd say it would either be reassuring or chilling, depending on the answer
received.  Unfortunately, in the absence of any information about this at all,
one could assume that everyone's ssh logins are at risk on all RHEL boxes (as
I'm pretty sure that's what the Fedora update servers run on) or there is a
vulnerability in the ssh keyrings, or who-knows-what else.

Nobody can take any protective measures short of switching everything to
another distribution entirely without that sort of information in hand.  Are
protective measures even required?  We don't know that either.


-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com



