2008/8/22 Michael J Gruber <michaeljgruber+gmane@xxxxxxxxxxx>:
> - Fedora's key will be changed, not RHEL's, which has been compromised.
> - High security private keys are best kept in bare metal and used on
>   boxes without incoming network. This doesn't seem to apply to the
>   package signing keys.

We don't know that the RHEL key has been compromised; perhaps dodgy packages were fed to a signing mechanism that was not directly accessible to the attacker (and maybe they detected the intrusion because someone noticed something fishy about the packages they were signing?) .... we don't know the full story. Maybe RHEL will have updated keys distributed via RHN. *shrug*

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list