Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
They finally leaked some information about what happened:
One week of infrastructure issues
Posted Aug 22, 2008 21:18 UTC (Fri) by Brenner (subscriber, #28232)
Following the link we have http://www.redhat.com/security/data/openssh-blacklist.html, with
[ In connection with the incident, the intruder was able to sign a small
number of OpenSSH packages relating only to Red Hat Enterprise Linux 4
(i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64
architecture only). ]
Does anyone knows how RH can be sure that _only_ the openssh packages listed in their
openssh-blacklist-1.0.sh checker have been signed by the intruder ?
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds