|
|
Log in / Subscribe / Register

kernel.org compromised

kernel.org compromised

Posted Sep 2, 2011 2:34 UTC (Fri) by Duncan (guest, #6647)
In reply to: kernel.org compromised by nix
Parent article: kernel.org compromised

You may be doubting wrong. See the last paragraph of the H-Online coverage, here:

http://www.h-online.com/open/news/item/Security-breach-at...

Apparently the signatures are generated on a server @ kernel.org, and it's as yet unclear whether the crackers had access to all the necessary components for signing, or not.

Duncan

to post comments

kernel.org compromised

Posted Sep 2, 2011 14:25 UTC (Fri) by nix (subscriber, #2304) [Link]

I'm not talking about the PGP signatures for the tarballs. I'm talking about the signed *tags* in the git tree: the object you see via e.g. 'git show v3.0.4'. That is part of the git repo and cannot be forged without access to Greg's private key. Now a hostile attacker could add a fake one, but the key would be different, and Greg would be certain to notice.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds