Kernel.org Returns – Re-establishing Credentials
As we discussed in an earlier post, kernel.org suffered a security breach.
In a message on the Kernel.org site:
“…we have taken the time to re-architect the site in order to improve our systems for developers and users of kernel.org. To this end, we would like all developers who previously had access to kernel.org who wish to continue to use it to host their git and static content, to follow the instructions here.
- Right now, www.kernel.org and git.kernel.org have been brought back online. All developer git trees have been removed from git.kernel.org and will be added back as the relevant developers regain access to the system.Thanks to all for your patience and understanding during our outage and please bear with us as we bring up the different kernel.org systems over the next few weeks. We will be writing up a report on the incident in the future.”
“In order to establish a proper PGP web of trust we need keys that are cross-signed
by other developers.”
The notice additionally states: “If you work in an office with multiple other Linux developers, it would be a very good thing to organize a local key signing. We will do a key signing at Kernel Summit (October 23 – 25, 2011 · Clarion Congress Hotel · Prague, Czech Republic) for the core kernel developers.”
For a complete understanding on the original incident, read Jonathan Corbet’s excellent piece on the Linux Foundation Website – The Cracking of kernel.org