is Back!

From the ‘What a Relief’ files:

After being offline for just over a month, is up and running today.

Late Monday, Greg Kroah-Hartman noted that the site had been restored, and was the place he put the new Linux 3.0.4 kernel. I personally wasn’t able to get to the site immediately (new DNS pointers), but by Tues AM both and service appears to be fully restored.

The outage came after a breach where a compromised kernel developer somehow infected’s infrastructure.The maintainers have not yet written up a full incident report as they are still working on restoring and securing the site.

“We have taken the time to rearchitect the site in order to improve our systems for developers and users of,” a note on states. “To this end, we would like all developers who previously had access to who wish to continue to use it to host their git and static content, to follow the instructions here.”

Well we know that Greg Kroah-Hartman has access (and Linus Torvalds’ too), it’ll take some time till everyone gets back on board.

To my layperson’s eye, it looks like the new system is on new IPs (hence the DNS change) and takes a more layered approach to security than just a typical generic SSH login approach with public/private keys. The crypto strength that is now enforcing is also higher.

New PGP/GPG keys are now supposed to all be 4096-bit RSA keys (i suspect that many devs were using something smaller before).

In any event, it’s great to have back and I’m looking forward to learning more about the exploit and the new security mechanisms in place. After all, this will likely server as a great best practice case study for how to properly secure distributed development.

News Around the Web