Redhat's entire reason for existence is to prevent this.

cozzyd an hour ago | parent | next [-]

did RPM packages get compromised?

dada216 2 hours ago | parent | prev [-]

not really, no.

So why else do we pay someone to package and certify/verify open source projects? This is absolutely 90++% of what should be RedHats core day job.

	▲	duozerk an hour ago \| parent [-]
		Non-profit Open Source distributions also and already package and verify open source packages (arguably often with a higher quality of analysis than Red Hat). You pay red hat for compliance reasons (availability of a support you'll never call, mostly).