On Thu, Sep 01, 2011 at 11:56:27AM +0000, Christoph Anton Mitterer wrote: > Hi. > > CCing this to d-d, as it's perhaps of more general interest: > > There was apparently a security break in on kernel.org > https://www.kernel.org/#news
I am well aware of this as a kernel.org user. > Any knowledge how far Debian's kernels and sources are concerned by this? > Do you guys take them from git, or from the kernel.org tar balls. >From git. > How do you verify their integrity? I check that new tags are signed by the same key as before. Those keys are kept on the signers' own systems, not on kernel.org. So I am confident that our upstream sources were not modified by the intruder. Ben. -- Ben Hutchings We get into the habit of living before acquiring the habit of thinking. - Albert Camus -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110901150352.ge2...@decadent.org.uk