but surely, can't all the keys people are using for logging in been compromized?
On Tue, May 13, 2008 at 2:53 PM, River Tarnell river@wikimedia.org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
anyone who has used hemlock to generate cryptographic keys (e.g. SSL certificates or SSH keys), or used keys generated elsewhere on hemlock, should be aware of this Debian security advisory:
http://lists.debian.org/debian-security-announce/2008/msg00152.html
such keys should be considered compromised, and replaced with newly generated keys. the version of OpenSSL currently installed on hemlock is not affected by this problem.
this does not affect keys generated or used on the stable server.
- river.-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIKY9FIXd7fCuc5vIRAlugAKCFXJwNlKw+iLWwGo/5yQCHO43LcgCfV19J XpAR+TE9OFKv0TvF4a3yfdI= =cZ29 -----END PGP SIGNATURE-----
Toolserver-l mailing list Toolserver-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/toolserver-l