Re: kernel.org compromised
On Thu, Sep 01, 2011 at 11:56:27AM +0000, Christoph Anton Mitterer wrote:
> Hi.
>
> CCing this to d-d, as it's perhaps of more general interest:
>
> There was apparently a security break in on kernel.org
> https://www.kernel.org/#news
I am well aware of this as a kernel.org user.
> Any knowledge how far Debian's kernels and sources are concerned by this?
> Do you guys take them from git, or from the kernel.org tar balls.
>From git.
> How do you verify their integrity?
I check that new tags are signed by the same key as before. Those
keys are kept on the signers' own systems, not on kernel.org. So I
am confident that our upstream sources were not modified by the
intruder.
Ben.
--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
- Albert Camus
Reply to: