Laszlo BERES wrote:
Miles Sabin wrote:

The RHEL signing keys have, however, been used by an unauthorized
party to sign unauthorized packages. Some people would say that that
qualified as "compromised" on any reasonable definition.

Signing is a thing, distributing a signed package through the official ways is another. The latter didn't happen as we know.

But we do know that a large number of DNS servers are still vulnerable to spoofing. How do you know that what you think was an official mirror delivering your rpm update wasn't an imposter, spoofed in DNS.

--
  Les Mikesell
    [EMAIL PROTECTED]



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Reply via email to