Date: Mon, 25 Aug 2008 09:43:17 +0200
MIME-version: 1.0
Content-type: text/plain; format=flowed; charset=UTF-8
Organization: ICT Gorlaeus
Content-transfer-encoding: 7BIT

This question was fully answered by Troy in his post "openssh verified
on sl4 and sl5" dated 08/22/2008 06:00 PM, which just about crossed my post.

Roelof

John Summerfield wrote:
> Roelof van der Kleij wrote:
>> Hi all,
>>
>> http://www.redhat.com/security/data/openssh-blacklist.html
>>
>> It seems someone got a hold of the redhat pgp signing keys and
>> distributed compromised openssh rpm's. The check script tests for
>> modified binaries.
>>
>> The article focuses on RHN not being compromised but is a bit vague
>> about which channels were affected. Apparently some compromised
>> openSSH rpm's are circulating in the wild.
>>
>> Just a question: is there any chance of SRPM being compromised, which
>> would affect SL and Centos?
>
> I see no reason to suppose that can have happened, but no doubt that
> as a consequence of RH shipping new source packages, the clones will
> follow suit.
>
> RH has not said that any source packages have been compromised; no
> doubt that since it's said some binary packages are, it would also
> have fessed out to any source problems. In any case, I expect that any
> dud packages have vanished from the RH ftp servers, so why don't you
> look and see what's there?