On Wed, Aug 27, 2008 at 2:48 AM, Eugen Leitl <[EMAIL PROTECTED]> wrote:
> How is that remarkable? Compromises of diverse distro depositories happen
> quite regularly. Now if this was OpenBSD...
Folks who keep their systems updated using Red Hat Network are not at
risk. Atleast Red Hat confirms that. To use the GPG signature key to
verify the integrity and authenticity of the scripts please follow the
instructions below:
* Download the Red Hat Security Response Team public key:
wget -c https://www.redhat.com/security/650d5882.txt
* Import the Red Hat Security Response Team public key:
gpg --import 650d5882.txt
* Verify the script signature matches that of the Security Response Team:
gpg --verify openssh-blacklist-1.0.sh.asc
P.S :: Not speaking for my employer :-)
regards
--
Ramakrishna Reddy GPG Key ID:31FF0090
Fingerprint = 18D7 3FC1 784B B57F C08F 32B9 4496 B2A1 31FF 0090
