“This language deserves to be questioned: it is only necessary
to sign a single openssh package (certainly qualifying as a “small
number”) to compromise thousands of RHEL hosts, and the “only”
terms describe what must be a large majority of deployed RHEL
systems.”