Returns – Re-establishing Credentials

Share Your Thoughts: Facebooktwitterlinkedin

Data Security Returns


Re-establishing Credentials

As we discussed in an earlier post, suffered a security breach.

In a message on the site:

“…we have taken the time to re-architect the site in order to improve our systems for developers and users of To this end, we would like all developers who previously had access to who wish to continue to use it to host their git and static content, to follow the instructions here.

  • Right now, and have been brought back online. All developer git trees have been removed from and will be added back as the relevant developers regain access to the system.Thanks to all for your patience and understanding during our outage and please bear with us as we bring up the different systems over the next few weeks. We will be writing up a report on the incident in the future.”‘s (unofficial Linux Kernel Mailing List archive), H. Peter Anvin outlines the Credential Re-establishing procedure and states:

“In order to establish a proper PGP web of trust we need keys that are cross-signed
by other developers.”

The notice additionally states: “If you work in an office with multiple other Linux developers, it would be a very good thing to organize a local key signing.  We will do a key signing at Kernel Summit (October 23 – 25, 2011 · Clarion Congress Hotel · Prague, Czech Republic) for the core kernel developers.”

For a complete understanding on the original incident, read Jonathan Corbet’s excellent piece on the Linux Foundation Website – The Cracking of



Share Your Thoughts: Facebooktwitterlinkedin