[CentOS] RH's servers breached

Fri Aug 22 16:34:00 UTC 2008
Rui Miguel Silva Seabra <rms at 1407.org>

On Fri, Aug 22, 2008 at 05:43:08PM +0200, kfx wrote:
> What's the point of this for us CentOS users?
>
> http://www.redhat.com/security/data/openssh-blacklist.html

That will only test for compiled RPMS of certain OpenSSH packages.

Those RPMS have been signed by the PGP key, so either the key server or
the build server was compromised (possibly they are the same, I don't
know).

I'd do a detailed review of the SRPMS and patches during this period...

Rui

-- 
Kallisti!
Today is Prickle-Prickle, the 15th day of Bureaucracy in the YOLD 3174
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?