Hi, On 2024-03-29 23:59, Ansgar 🙀 wrote: > Hi, > > how should we react to the compromised xz-utils upload? > > Ubuntu is reverting their amd64 binaries to pre-Feb 25 and rebuilding > stuff. > > On Debian side AFAIU currently amd64 buildds are paused and pending > reinstall (plus rotation of key material, both OpenPGP and SSH).
All the 8 existing VMs at csail, conova, grnet and ubc have been shutdown, and their GPG key have been removed on the dak side. Their SSH key is managed by puppet, so are still enabled at this time, but their restricted command has been disabled as they are not allowed to build any architecture. 2 new VMs have been created, x86-grnet-03 and x86-grnet-04. Currently they only build buster, bullseye and bookworm and the associated security suites. I didn't enable backports, as it probably needs to be audited for the builds after Feb 25, like it was done for the security suites using reproducible builds. Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://aurel32.net
