On Thu, 17 Sep 2015, Robin H. Johnson wrote: > On Thu, Sep 17, 2015 at 09:29:35AM -0700, Sage Weil wrote: > > Last week, Red Hat investigated an intrusion on the sites of both the Ceph > > community project (ceph.com) and Inktank (download.inktank.com), which > > were hosted on a computer system outside of Red Hat infrastructure. > > > > Ceph.com provided Ceph community versions downloads signed with a Ceph > > signing key (id 7EBFDD5D17ED316D). Download.inktank.comprovided releases > > of the Red Hat Ceph product for Ubuntu and CentOS operating systems signed > > with an Inktank signing key (id 5438C7019DCEEEAD). While the investigation > > into the intrusion is ongoing, our initial focus was on the integrity of > > the software and distribution channel for both sites. > > Please revoke the old keys, so that if they were taken by the attacker, > they cannot be used (you can't un-revoke a key generally). Done: http://pgp.mit.edu/pks/lookup?search=ceph&op=index sage _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |