[CentOS] Question on security issue alert from recent centos-announce

Sat Jul 4 18:52:30 UTC 2009
Scott Ehrlich <srehrlich at gmail.com>

What exactly does the announcement mean to the CentOS community?

From what point in the past to what point present/future should the
user community be concerned?

Once you find the final culprit, how sure will you be whether any
issue is/was malicious vs benign?

Do you perform regular server checksums to compare what _might_ have
changed (i.e. tripwire, etc)?

What is the level and mitigation of damage control - current and future?

What additional specifics can we learn from you - from safe/tainted
media checksum files to ISO media itself?  From keeping machines up
and running to needing a fresh install?

Could the same thing happen, or did it, with the upstream provider, or
is it limited to the CentOS community?

Thank you.