On Thu, 17 Sep 2015, Robin H. Johnson wrote:
> On Thu, Sep 17, 2015 at 09:29:35AM -0700, Sage Weil wrote:
> > Last week, Red Hat investigated an intrusion on the sites of both the Ceph
> > community project (ceph.com) and Inktank (download.inktank.com), which
> > were hosted on a computer system outside of Red Hat infrastructure.
> >
> > Ceph.com provided Ceph community versions downloads signed with a Ceph
> > signing key (id 7EBFDD5D17ED316D). Download.inktank.comprovided releases
> > of the Red Hat Ceph product for Ubuntu and CentOS operating systems signed
> > with an Inktank signing key (id 5438C7019DCEEEAD). While the investigation
> > into the intrusion is ongoing, our initial focus was on the integrity of
> > the software and distribution channel for both sites.
>
> Please revoke the old keys, so that if they were taken by the attacker,
> they cannot be used (you can't un-revoke a key generally).
Done:
http://pgp.mit.edu/pks/lookup?search=ceph&op=index
sage
_______________________________________________
ceph-users mailing list
[email protected]
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
