[CentOS] Question on security issue alert from recent centos-announce

What exactly does the announcement mean to the CentOS community?

From what point in the past to what point present/future should the

user community be concerned?

Once you find the final culprit, how sure will you be whether any issue is/was malicious vs benign?

Do you perform regular server checksums to compare what _might_ have changed (i.e. tripwire, etc)?

What is the level and mitigation of damage control - current and future?

What additional specifics can we learn from you - from safe/tainted media checksum files to ISO media itself? From keeping machines up and running to needing a fresh install?

Could the same thing happen, or did it, with the upstream provider, or is it limited to the CentOS community?

Thank you.

Scott