SCIENTIFIC-LINUX-USERS Archives

August 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: John Summerfield <[log in to unmask]>
Reply To: John Summerfield <[log in to unmask]>
Date: Sun, 24 Aug 2008 21:09:49 +0800
Roelof van der Kleij wrote:
> Hi all,
> 
> http://www.redhat.com/security/data/openssh-blacklist.html
> 
> It seems someone got a hold of the redhat pgp signing keys and 
> distributed compromised openssh rpm's. The check script tests for 
> modified binaries.
> 
> The article focuses on RHN not being compromised but is a bit vague 
> about which channels were affected. Apparently some compromised openSSH 
> rpm's are circulating in the wild.
> 
> Just a question: is there any chance of SRPM being compromised, which 
> would affect SL and Centos?

I see no reason to suppose that can have happened, but no doubt that as 
a consequence of RH shipping new source packages, the clones will follow 
suit.

RH has not said that any source packages have been compromised; no doubt 
that since it's said some binary packages are, it would also have fessed 
up to any source problems. In any case, I expect that any dud packages 
have vanished from the RH ftp servers, so why don't you look and see 
what's there?




-- 

Cheers
John

-- spambait
[log in to unmask]  [log in to unmask]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)
