What exactly does the announcement mean to the CentOS community? >From what point in the past to what point present/future should the user community be concerned? Once you find the final culprit, how sure will you be whether any issue is/was malicious vs benign? Do you perform regular server checksums to compare what _might_ have changed (i.e. tripwire, etc)? What is the level and mitigation of damage control - current and future? What additional specifics can we learn from you - from safe/tainted media checksum files to ISO media itself? From keeping machines up and running to needing a fresh install? Could the same thing happen, or did it, with the upstream provider, or is it limited to the CentOS community? Thank you. Scott