Re: kernel.org status: hints on how to check your machine forintrusion
Date: Sat Oct 01 2011 - 23:31:26 EST
On Sat, Oct 01, 2011 at 07:26:43PM -0700, Greg KH wrote:
> On Sat, Oct 01, 2011 at 09:58:38PM -0400, tmhikaru@xxxxxxxxx wrote:
> > Any way we could get something like this verification done for the
> > 3.0.x stable kernels? I'm currently stuck without any way known to me to
> > verify that any of the patches I downloaded from kernel.org before it went
> > down are actually correct.
> I already sent a signed copy of the 3.0.4 patch that applies on top of
> the 3.0 kernel to the linux-kernel mailing list a few days ago.
> That should be fine for what you need right now, right?
> greg k-h
Would it be possible for you to build on the great work already done by
Willy and provide the signature's he missed (they cluster around the more
recent branches which happen to be the tarballs most likely to have been
downloaded during the intrusion window).
Maybe it makes sense to generate sha-256 fingerprints, as H. Peter says,
rather than the less collision-resistant md5.
Very few people probably have as complete a local git repo as you do.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/