This question was fully answered by Troy in his post "openssh verified
on sl4 and sl5" dated 08/22/2008 06:00 PM, which just about crossed my post.
Roelof
John Summerfield wrote:
Roelof van der Kleij wrote:
Hi all,
http://www.redhat.com/security/data/openssh-blacklist.html
It seems someone got a hold of the Red Hat PGP signing keys and
distributed compromised OpenSSH RPMs. The check script tests for
modified binaries.
The article focuses on RHN not being compromised but is a bit vague
about which channels were affected. Apparently some compromised
OpenSSH RPMs are circulating in the wild.
Just a question: is there any chance of SRPMs being compromised, which
would affect SL and CentOS?
I see no reason to suppose that can have happened, but no doubt that
as a consequence of RH shipping new source packages, the clones will
follow suit.
RH has not said that any source packages have been compromised; no
doubt that since it's said some binary packages are, it would also
have fessed up to any source problems. In any case, I expect that any
dud packages have vanished from the RH FTP servers, so why don't you
look and see what's there?