[Toolserver-l] [SECURITY] Debian OpenSSL bug may affect cryptographic keys generated or used on hemlock

River Tarnell river at wikimedia.org
Wed May 14 13:33:24 UTC 2008


Simetrical:
> they were created on a vulnerable OpenSSL version not on the
> toolserver.  Given that Brion disabled some people's commit keys, I
> take it that it's possible to tell whether a key is compromised just
> by examining the public key.  Do you plan to do that, or allow people
> with compromised keys to continue to log in?  Or is that a false
> dilemma?

as you can read in my previous mail to the list (a couple of minutes ago)
affected keys have been disabled.  however, not all broken keys can be
detected automatically, just most of them.

	- river.


