Miles Sabin wrote:
On Fri, Aug 22, 2008 at 5:44 PM, Rahul Sundaram
wrote:
Michael J Gruber wrote:
- Fedora's key will be changed, not RHEL's, which has been compromised.
No indication of the latter. The setup is different. Refer
http://www.awe.com/mark/blog/200701300906.html
Only if you define "compromised" as possession of the unencrypted private key.
The RHEL signing keys have, however, been used by an unauthorized
party to sign unauthorized packages. Some people would say that that
qualified as "compromised" on any reasonable definition.
Yes but if it requires physical access, there is no need to generate a
new key.
Incidentally, what does "with high probability" mean? Anything more
than "we're pretty sure, but we can't really say how sure"?
Probably it means they don't have any reason to believe otherwise.
Rahul
--
fedora-list mailing list
[email protected]
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
