|
|
Subscribe / Log in / New account

Where does the RHEL 7 source code live?

Where does the RHEL 7 source code live?

Posted Jul 4, 2014 3:41 UTC (Fri) by mjg59 (subscriber, #23239)
In reply to: Where does the RHEL 7 source code live? by jcpunk
Parent article: Where does the RHEL 7 source code live?

Why is it logically possible to steal the Red Hat key?

to post comments

Where does the RHEL 7 source code live?

Posted Jul 4, 2014 21:13 UTC (Fri) by dag- (guest, #30207) [Link]

I would contend that for Red Hat the signing key is business critical, but the git.centos.org repository is not. So no doubt the key is well secured, and the process to sign packages is well protected as it would hurt their business and harm the trust customers have in them. git.centos.org not so much.

What's more, git.centos.org has (the same and) more attack vectors than the signing key/SRPMs used to have. So overall it is less secure as the previous way of working (which was the same for customers as it was for everyone else).


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds