Alexandre Dulaunoy wrote: > > Yep. Just wondering how the attacker retrieved the passphrase for Red Hat. > I am not sure they did retrieve the passphrase. It is possible that the key was already unlocked by another process, and they managed to sign a couple of packages in that time. (gpg-agent) I do not know how easy it would be to grab the information to connect to a running gpg-agent... from a new login.
Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!
signature.asc
Description: OpenPGP digital signature
-- fedora-list mailing list [email protected] To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
