Yes, silly mistake by RedHat. It was only 2 rpm's. They were rpmdb and redhat-release. They have released updated rpm's for these. It is really a non-issue. If someone where to change the rpm and insert some kind a malicious code, it would change the md5sums on the re-packaged ISO images. It has been blown out of proportion by some people.Did you hear about this JimH?
I heard that RH forgot to sign a bunch of their 7.2 packages, and people are worried that untrusted sources may start distributing them with added "features" that could cause a tad bit of havoc. Have they done anything about it yet? Re-released them signed or anything?
(Sorta older news maybe, but it just came to my mind as something that was mentioned on a mailinglist a bit ago)