On Wed, May 14, 2008 at 9:31 AM, Simetrical Simetrical+wikilist@gmail.com wrote:
But the keys that some people use to log in may be compromised, if they were created on a vulnerable OpenSSL version not on the toolserver. Given that Brion disabled some people's commit keys, I take it that it's possible to tell whether a key is compromised just by examining the public key. Do you plan to do that, or allow people with compromised keys to continue to log in? Or is that a false dilemma?
Yeah, this post was at least 40 minutes too late. Serves me right for reading my mail in chronological order. Never mind. :)