<p>Yep.<br>
Exactly my concern. The more a compromised system does, the more work involved in the clean up.<br>
I don't understand the need to replace ssh pubkeys unless replace means reinstall. If a private key was compromised, that's a different issue. If a signing key is compromised that's a bigger issue. </p>
<div class="gmail_quote">On Sep 1, 2011 9:23 AM, "Michael H. Warfield" &lt;<a href="mailto:mhw@wittsend.com">mhw@wittsend.com</a>&gt; wrote:<br type="attribution">> On Thu, 2011-09-01 at 08:42 -0400, Jim Kinney wrote: <br>
>> Major bad news. They host loads of code.<br>> <br>> Read the articles. Several machines were compromised but not all.<br>> Compromised machines have been taken off line for diagnostics and<br>> reinstallation. A number of developers (close to 500) are having to<br>
> change their ssh keys, which sucks.<br>> <br>> Bad but highly unlikely to have any impact on the source code thanks to<br>> the nature of git and the highly distributed development model along<br>> with cryptographically secure hashes and history on every single file.<br>
> They'd need a time machine to go back and poke changes into past sources<br>> and change sets and they'd need a transporter to get to all the<br>> thousands of machines hosting git repos at developer sites for<br>
> their development. They're validating the change sets<br>> and hashes but it's unlikely to contain anything and it's unlikely the<br>> sources have been contaminated. Unexpected changes should show up<br>
> rapidly to the subsystem maintainers as unexpected conflicts or<br>> validation checks or unapproved change sets.<br>> <br>> <a href="http://www.linux.com/news/featured-blogs/171-jonathan-corbet/491001-the-cracking-of-kernelorg">http://www.linux.com/news/featured-blogs/171-jonathan-corbet/491001-the-cracking-of-kernelorg</a><br>
> <br>> He points out that the sources are distributed from <a href="http://kernel.org">kernel.org</a> but are<br>> developed on and hosted all over the world.<br>> <br>> Regards,<br>> Mike<br>> <br>>> On Sep 1, 2011 8:14 AM, "Watson, Keith" &lt;<a href="mailto:krwatson@cc.gatech.edu">krwatson@cc.gatech.edu</a>&gt; wrote:<br>
>> > Security breach on <a href="http://kernel.org">kernel.org</a><br>>> > <a href="https://www.kernel.org/">https://www.kernel.org/</a><br>>> ><br>>> > Earlier this month, a number of servers in the <a href="http://kernel.org">kernel.org</a> infrastructure<br>
>> were compromised. We discovered this August 28th. While we currently believe<br>>> that the source code repositories were unaffected, we are in the process of<br>>> verifying this and taking steps to enhance security across the<br>
>> kernel.org infrastructure.<br>>> ><br>>> ><br>>> > There is more information on their home page.<br>>> ><br>>> > keith<br>>> ><br>>> > --<br>>> ><br>
>> > Keith R. Watson Georgia Institute of Technology<br>>> > IT Support professional Lead College of Computing<br>>> > <a href="mailto:keith.watson@cc.gatech.edu">keith.watson@cc.gatech.edu</a> 801 Atlantic Drive NW<br>
>> > (404) 385-7401 Atlanta, GA 30332-0280<br>>> ><br>>> ><br>>> ><br>>> > _______________________________________________<br>>> > Ale mailing list<br>>> > <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
>> > <a href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a><br>>> > See JOBS, ANNOUNCE and SCHOOLS lists at<br>>> > <a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><br>
> <br>> -- <br>> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com<br>
> /\/\|=mhw=|\/\/ | (678) 463-0932 | <a href="http://www.wittsend.com/mhw/">http://www.wittsend.com/mhw/</a><br>> NIC whois: MHW9 | An optimist believes we live in the best of all<br>> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!<br>
</div>
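<p>Added example, not part of the original thread: a sketch of the point made above about git's hashes and history, showing why a change slipped into an old snapshot on a server cannot stay hidden from anyone holding an independent clone. It reimplements git's SHA-1 object IDs for blobs, flat trees and commits; the file names, identity, timestamp and three-commit history are constructed for illustration.</p>

```python
import hashlib

def git_object_id(kind, body):
    # Git names every object SHA-1("<kind> <size>\0" + body).
    return hashlib.sha1(f"{kind} {len(body)}\0".encode() + body).hexdigest()

def blob_id(content):
    return git_object_id("blob", content)

def tree_id(files):
    # Flat tree of regular files: "100644 <name>\0" + raw 20-byte blob ID, sorted by name.
    body = b"".join(b"100644 " + name.encode() + b"\0" + bytes.fromhex(blob_id(data))
                    for name, data in sorted(files.items()))
    return git_object_id("tree", body)

IDENT = "Example Dev <dev@example.invalid> 1314880000 +0000"  # constructed identity

def commit_id(tree, parent, message):
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")  # the parent ID is hashed into the child
    lines += [f"author {IDENT}", f"committer {IDENT}", "", message]
    return git_object_id("commit", ("\n".join(lines) + "\n").encode())

def build_history(snapshots):
    # Commit each (message, files) snapshot on top of the previous one; return all IDs.
    ids, parent = [], None
    for message, files in snapshots:
        parent = commit_id(tree_id(files), parent, message)
        ids.append(parent)
    return ids

def first_divergence(trusted, served):
    # Index of the first commit whose ID differs from the developer's copy, else None.
    return next((i for i, (a, b) in enumerate(zip(trusted, served)) if a != b), None)

# Constructed three-commit history, and a copy with only the *oldest* snapshot altered.
HISTORY = [("init", {"main.c": b"int main(void) { return 0; }\n"}),
           ("add readme", {"main.c": b"int main(void) { return 0; }\n", "README": b"demo\n"}),
           ("bump", {"main.c": b"int main(void) { return 0; }\n", "README": b"demo v2\n"})]
TAMPERED = [("init", {"main.c": b"int main(void) { return 1; }\n"})] + HISTORY[1:]

if __name__ == "__main__":
    good, bad = build_history(HISTORY), build_history(TAMPERED)
    print("tip (developer copy):", good[-1])
    print("tip (server copy):   ", bad[-1])
    print("first divergent commit index:", first_divergence(good, bad))
```

<p>Comparing only the tip commit ID against a trusted clone is enough to detect the change, because every later commit ID depends on the altered one.</p>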