On Thu, Sep 17, 2015 at 09:29:35AM -0700, Sage Weil wrote: > Last week, Red Hat investigated an intrusion on the sites of both the Ceph > community project (ceph.com) and Inktank (download.inktank.com), which > were hosted on a computer system outside of Red Hat infrastructure. > > Ceph.com provided Ceph community versions downloads signed with a Ceph > signing key (id 7EBFDD5D17ED316D). Download.inktank.comprovided releases > of the Red Hat Ceph product for Ubuntu and CentOS operating systems signed > with an Inktank signing key (id 5438C7019DCEEEAD). While the investigation > into the intrusion is ongoing, our initial focus was on the integrity of > the software and distribution channel for both sites. Please revoke the old keys, so that if they were taken by the attacker, they cannot be used (you can't un-revoke a key generally). -- Robin Hugh Johnson Gentoo Linux: Developer, Infrastructure Lead E-Mail : robbat2@xxxxxxxxxx GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |