[linux-elitists] Rooted kernel.org hosts (was: PJ takes her victory lap)
rick at linuxmafia.com
Wed Aug 31 20:31:18 PDT 2011
Quoting Rick Moen (rick at linuxmafia.com):
> In other news, here.kernel.org was recently determined to be hax0red, and
> Jon C. kindly explained to journos why the sky remains determinedly unfallen.
Typo; I knew full well that the hostname is 'hera', but my fingers were
Anyway, cross-posting my query from LWN:
I'm curious about two points not (to my knowledge) yet covered, probably
for the simple reason that there hasn't been enough time for proper
1. What was the escalation path to root?
2. Completely aside from the git repo contents, were the downloadable
*.tar.[gz|bz2] source archives trojaned? Are there any non-site-local
mechanisms in place to detect such tampering (other than, of course, the
fact that the Linux Kernel Archives OpenPGP key is well known, and some
of us bother to check the *.tar.[gz|bz2].sign files?
More information about the linux-elitists