On Fri, Aug 15, 2008 at 6:57 AM, Danny Yee <danny@xxxxxxxxxxxxxxxxxxx> wrote: > Richard Hughes wrote: >> PackageKit will only allow automatic updates of signed packages. If >> we're pumping out invalid signed updates then, well, meh. > > The implication of the announcement is that signed updates may be > compromised (or possibly even the key). How else can we read this? > > "as a precaution, we recommend you not download or update > any additional packages on your Fedora systems" > > Danny. It could also be that the build system got a bad compiler installed (or a compiler got corrupted) and the signed builds have had errors in them. Not a security breach, but something that would cause problems. Trying to find out where, which servers were affected, and how that happened would be just as labor intensive. Or it could be that NFS has been banging bits before the package gets signed... or there was a zombie outbreak in PHX and they are chewing on the wires... -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
