Details

    • Story Points:
      0
    • Build artifact:
      Marathon-v1.7.174

      Description

      Recently, our signing key id E56151BF has been spoof-attacked, causing the key "totally legit signing key" to be imported alongside with our mesosphere signing key.

      The exploit (and vulnerability) are mentioned here:

      https://dev.gnupg.org/T4136

      We need to update all of our import references to the longform key ID: DF7D54CBE56151BF

      More info found here: https://evil32.com

        Attachments

          Activity

            People

            • Assignee:
              tharper Tim Harper
              Reporter:
              tharper Tim Harper
              Team:
              Orchestration Team
              Watchers:
              Mergebot, Tim Harper
            • Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: