John Aldrich wrote: > Quoting Bill Davidsen <davidsen@xxxxxxx>: >> >> As noted, the detail I would have liked was to know if this was a >> failure of system security or a failure of misplaced trust. If there is >> a hole in their server system security it's likely to be in ours as >> well. >> >> And if someone could say with certainty that packages downloaded before >> {date} were safe, it would be more reassuring than "there is little >> risk to Fedora users who wish to install or upgrade signed Fedora >> packages." If the start date of the problem is known, that would be >> really good information for people who keep a local repository and >> don't have to upgrade every new install totally over the network. >> > Well, I know someone on this list said I should feel safe in upgrading > my F6 box to F9. I don't know if that answers your questions or not. > That being said, I think I'll wait until F10 or until fresh ISO images > come out. Despite the fact that my only installation is a single, > personal box, I don't want to risk getting hacked because someone *may* > have gotten some bogus packages into the system and/or compromised the > signing key for Fedora. > > Unless/until someone from Fedora says "It is safe to install Fedora 9 > from the original ISO images distributed when F9 was released" I am not > going to trust that they are safe. > Hey I am currently downloading the ISO dvd to install after I finish my day's lessons, is this not a good idea to do? Travis -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines