On 11/01/2017 03:14 PM, Kevin Fenzi wrote:
> The only attack vector I can see is tricking someone into installing a package from an EOL release with a known vulnerability, but if you can do that you likely can get them to just download it and install it or
Is it possible to compromise an old key, and use it to sign new malware that looks like it is from a recent distribution? I understand that it's unlikely because private keys are protected equally well regardless of whether they are old or new, but maybe there's some way that makes older keys more vulnerable?