[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: kernel.org compromised



On Thu, Sep 01, 2011 at 11:56:27AM +0000, Christoph Anton Mitterer wrote:
> Hi.
> 
> CCing this to d-d, as it's perhaps of more general interest:
> 
> There was apparently a security break in on kernel.org
> https://www.kernel.org/#news

I am well aware of this as a kernel.org user.

> Any knowledge how far Debian's kernels and sources are concerned by this?
> Do you guys take them from git, or from the kernel.org tar balls.
 
>From git.

> How do you verify their integrity?

I check that new tags are signed by the same key as before.  Those
keys are kept on the signers' own systems, not on kernel.org.  So I
am confident that our upstream sources were not modified by the
intruder.

Ben.

-- 
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
                                                              - Albert Camus


Reply to: