-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Simetrical:
they were created on a vulnerable OpenSSL version not
on the
toolserver. Given that Brion disabled some people's commit keys, I
take it that it's possible to tell whether a key is compromised just
by examining the public key. Do you plan to do that, or allow people
with compromised keys to continue to log in? Or is that a false
dilemma?
as you can read in my previous mail to the list (a couple of minutes ago)
affected keys have been disabled. however, not all broken keys can be
detected automatically, just most of them.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)
iEYEARECAAYFAkgq6iMACgkQIXd7fCuc5vIAIgCgoJRAebBKLeZN22BD+Wae9spF
PPMAoIZfAWrI+c4rGGvHB4Zka7dr/EZD
=XxiO
-----END PGP SIGNATURE-----