On Fri, Aug 22, 2008 at 05:43:08PM +0200, kfx wrote: > What's the point on this for us, CentOS users ? > > http://www.redhat.com/security/data/openssh-blacklist.html That will only test for compiled RPMS of certain OpenSSH packages. Those RPMS have been signed by the PGP key, so either the key server or the build server were compromised (possibly they are the same, I don't know). I'd do a detailed review of the SRPMS and patches during this period... Rui -- Kallisti! Today is Prickle-Prickle, the 15th day of Bureaucracy in the YOLD 3174 + No matter how much you do, you never do enough -- unknown + Whatever you do will be insignificant, | but it is very important that you do it -- Gandhi + So let's do it...?