In the Fedora breach, company officials said they had "high confidence" the hackers did not get the "passphrase used to secure the Fedora package signing key."...In the Red Hat compromise, the intruder was able to sign a small number of OpenSSH packages relating to Red Hat Enterprise Linux 4 [i386, x86_64] and Red Hat Enterprise Linux 5 [x86_64].
Original Story: Digg / Technology
