Thanks.
Following the link we have http://www.redhat.com/security/data/openssh-blacklist.html, with
this excerpt:
[ In connection with the incident, the intruder was able to sign a small
number of OpenSSH packages relating only to Red Hat Enterprise Linux 4
(i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64
architecture only). ]
Does anyone know how RH can be sure that _only_ the openssh packages listed in their
openssh-blacklist-1.0.sh checker have been signed by the intruder?