on Fri, Nov 21, 2003 at 10:48:37AM -0500, Andrew Schulman (andrex@deadspam.com) wrote:
> >http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt
> >
> >
> >------------------------------------------------------------------------
> >[Note: The original announcement didn't have a GnuPG signature.]
>
> Why did the original announcement not have a GnuPG signature? Is no one
> else bothered by this? Why has there been no announcement on debian.org?
It was supersceded by a repost with a GPG signature. Which I validated
before submitting the item to Slashdot.
www.debian.org wasn't updated for a time after the compromise because it
was among the affected servers.
There's been a bit of talk about a disaster recovery plan, including
fallback communications channels. Things were rather ad hoc this time
around.
Peace.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
"Just another million years," said Marvin, "just another quick
million. Then I might try it backwards. Just for the variety, you
understand."
-- HHGTG
Attachment:
pgp3GG_MJQnkB.pgp
Description: PGP signature