For those who run on Matrix.org and wonder why there is no connection:
Matrix announced an emergency maintenance… on Twitter:
Sadly @matrix didn't receive the love it deserves and informs the Fediverse.
Anyway, that's why we have a community. We compensate for each other's shortcomings and together make sure the world becomes a better place!
Matrix is coming back up! One of the first things happening was writing a new blog post about the incident which you can find here:
TL;DR: Some outdated software was discovered and cracked by an attacker who then had access to various data points.
Important: Change your password ASAP (including NickServ when you used the IRC bridges)
Hint: The homeserver is not back up yet.
There are new keys for the official matrix repositories with the key ids:
Those come along with a new package that is built on fresh infrastructure. No details yet on whether they now sign packages offline.
@sheogorath by "they noticed", you mean "the attacker told them"
How do you get rid of these keys and get the new ones?
@Divert Since I guess you use some Debian-based system:
apt-key del AD0592FE47F0DF61
or apt-key del E019645248E8F4A1
Yes, thanks. That is what I did. I am wondering now how to get the correct ones...
@Divert As far as I know there aren't new ones yet. The keys along with the repositories were removed and will be rebuilt during the upcoming week.
Untrusting GPG keys for packages
I imagine you have to do some gpg --recv-keys --# # # commands to get Pacman to stop using those keys,
as it's part of installation on many pkgs to trust developers' keys or pkg maintainers' keys directly.
Unless that's just for trusting downloads!
Here's a pkg where u do that