[Leaplist] Fedora Weekly News 141: Post-Compromise and
Infrastructure Info ...
Bryan J. Smith
b.j.smith at ieee.org
Wed Sep 3 11:28:21 EDT 2008
The latest Fedora Weekly News edition is out:
https://fedoraproject.org/wiki/FWN/Issue141
There are numerous discussions on the Post-Compromise
changes, infrastructure, etc...
As noted prior, the Fedora team took the decision to
yank everything as a prime opportunity to make major
changes in the infrastructure.
Issue 141: "Intrusion Recovery Slow and Steady"
https://fedoraproject.org/wiki/FWN/Issue141#Intrusion_Recovery_Slow_and_Steady
I also want to re-stress both Fedora and Red Hat's
statements that there were no software changes required
to prevent this compromise, as well as absolutely no
software distributed by Fedora or Red Hat was compromised.
I.e., you don't have to update for either reason. ;)
Any media site that says otherwise is getting the facts
completely wrong. The information is right in the Red
Hat and Fedora press releases.
Fedora will be changing keys for the Fedora 10 release,
and updating keys on Fedora 8 and 9 releases, as a 100%
pre-cautionary measure. Existing packages are still
trusted, and it's a voluntary move to update.
Red Hat will not be changing keys. There are many sites
that detail how Red Hat's signing works. It's not my
place to relay such details.
Also, from the previous issue ...
Issue 140: "Mysterious Fedora Compromise"
https://fedoraproject.org/wiki/FWN/Issue140#Mysterious_Fedora_Compromise
--
Bryan J Smith Professional, Technical Annoyance
b.j.smith at ieee.org http://www.linkedin.com/in/bjsmith
------------------------------------------------------
Fission Power: An Inconvenient Solution
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the Leaplist
mailing list