• info
• discussion
• exploit
• solution
• references

RPM Package Manager Signature Verification Insufficient User Feedback Weakness

No exploit is required. A large degree of social engineering and user interaction is, however, neccessary.