According to this announcement from yesterday, Fedora servers were compromised.
Here is a scary part of the announcement:
One of the compromised Fedora servers was a system used for signingThat particular server had very little to do with Internet, and should have been properly isolated, even on a completely separate network from Internet accessible servers.
So, the readers should be careful with the current Fedora distro and packages download and install. I would wait for the next official release.
This event goes to show that large companies, regardless of industry can make poor security choices. And because large companies with high profile are a great publicity target, these poor choices are easily found by hackers
Anyway, respect to RedHat for the announcement. A lot of companies will simply sweep such an event under the rug.
Portrait of Hackers
Talkback and comments are most welcome