[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Adonthell-devel] Regarding Savannah hack
From: |
Kai Sterker |
Subject: |
[Adonthell-devel] Regarding Savannah hack |
Date: |
Wed, 10 Dec 2003 07:17:26 +0100 |
As you might have noticed, the server running Savannah, where our CVS
and downloads are hosted was broken into in early November. After
discovery of the incident, the services have been temporarily turned
off.
Now that they are going to be back soon(er or later), there will be a
few things to watch out for those of you that have a developer account
there. Most important are these points:
* When the user database comes back online, all Savannah users will
need to activate their Savannah accounts anew, and upload their
SSHv2 keys. Users will not need to make new SSHv2 keys; we know
of no particular security threat to Savannah if you use the same
one. (However, you might want to consider making new keys in
case your own private key security has been compromised.) SSHv1
access will no longer be provided.
* Upload of GNU Privacy Guard (GPG) keys as part of the account
activation process will no longer be optional; each Savannah
developer must have a GPG key on-file at Savannah. Additionally,
one email address on the key must match the email address used by
the developer on Savannah. If you do not yet have a GPG key, and
plan to reactivate your savannah account, we suggest that you
generate a GPG key soon, so that it will be ready when regular
user access is restored.
The whole message can be found at:
http://savannah.gnu.org/statement.html
Sorry to bother you, if all of that is old news to you ;-).
Cheers,
Kai
- [Adonthell-devel] Regarding Savannah hack,
Kai Sterker <=