AMD64 Archive Key compromised!

To: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: debian-devel@lists.debian.org
Subject: AMD64 Archive Key compromised!
From: Adam Majer <adamm@galacticasoftware.com>
Date: Thu, 28 Oct 2004 12:20:34 -0500
Message-id: <[🔎] 41812A62.2000602@galacticasoftware.com>
In-reply-to: <[🔎] 1098974448.3996.127.camel@tyrosine>
References: <[🔎] 1098974448.3996.127.camel@tyrosine>

Matthew Garrett wrote:

>Developers, do not allow 
>
>http://www.google.com/search?q=inurl%3Asecring.gpg
>
>to happen to you.
>
>  
>
Yeah.

debian-amd64.alioth.debian.org/pure64/wanna-build/secring.gpg
<http://debian-amd64.alioth.debian.org/pure64/wanna-build/secring.gpg>
is Forbidden, but

ftp.belnet.be/linux/debian-amd64/wanna-build/secring.gpg
<http://ftp.belnet.be/linux/debian-amd64/wanna-build/secring.gpg>
ftp.belnet.be/pub/mirror/debian-amd64.alioth.debian.org/wanna-build/secring.gpg
<http://ftp.belnet.be/pub/mirror/debian-amd64.alioth.debian.org/wanna-build/secring.gpg>

are wide open.

So, with no further delay, here's the revocation certificate for the
AMD64 archive key!
Man, people had secret keys on broken in machines and those were removed
from the archive. But to have a secring.gpg on Google?

I also took the liberty to send this revocation certificate to
keyring.debian.org

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: A revocation certificate should follow

iGYEIBECACYFAkGBKG4fHQJzZWNyaW5nLmdwZyBmb3VuZCBvbiBHb29nbGUhIQAK
CRCVXxufOIK6/GbFAJ4yTldjZzm015upfsAcKwNoFf5y8wCdHRGITdO2XRWnbZy+
3q7JMAf9CI4=
=rMmn
-----END PGP PUBLIC KEY BLOCK-----

-- 
Building your applications one byte at a time
http://www.galacticasoftware.com

Reply to:

References:
- An important lesson
  - From: Matthew Garrett <mjg59@srcf.ucam.org>

Prev by Date: deletion of xpackman dir
Next by Date: Re: Bug#278255: ITP: rdflib -- A python library for working with RDF
Previous by thread: Re: An important lesson
Next by thread: special request - no spam - seriously!
Index(es):
- Date
- Thread