[CentOS] RH's servers breached

Rui Miguel Silva Seabra rms at 1407.org
Fri Aug 22 16:34:00 UTC 2008


On Fri, Aug 22, 2008 at 05:43:08PM +0200, kfx wrote:
> What's the point on this for us, CentOS users ?
>
> http://www.redhat.com/security/data/openssh-blacklist.html

That will only test for compiled RPMS of certain OpenSSH packages.

Those RPMS have been signed by the PGP key, so either the key server or
the build server were compromised (possibly they are the same, I don't
know).

I'd do a detailed review of the SRPMS and patches during this period...

Rui

-- 
Kallisti!
Today is Prickle-Prickle, the 15th day of Bureaucracy in the YOLD 3174
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?


More information about the CentOS mailing list