-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
anyone who has used hemlock to generate cryptographic keys (e.g. SSL certificates or SSH keys), or used keys generated elsewhere on hemlock, should be aware of this Debian security advisory:
http://lists.debian.org/debian-security-announce/2008/msg00152.html
such keys should be considered compromised, and replaced with newly generated keys. the version of OpenSSL currently installed on hemlock is not affected by this problem.
this does not affect keys generated or used on the stable server.
- river.