Note: Due to technical difficulties, the Archives are currently not up to date.
GMANE provides an alternative service for most mailing lists. c.f. bug 424647
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Robert Buchholz wrote:
<blockquote cite="mid:200805171315.07254.rbu@g.o" type="cite">
<pre wrap="">Hi Peter,
On Saturday, 17. May 2008, Peter Schneider-Kamp wrote:
</pre>
<blockquote type="cite">
<pre wrap="">the recently publicized SSL weak key generation for debian-based systems
(c.f. <a class="moz-txt-link-freetext" href="http://www.debian.org/security/key-rollover/">http://www.debian.org/security/key-rollover/</a>)
has lead our university computing center to retract our
Gentoo-generated SSL keys based on an advisory from the German
DFN cert :-(
</pre>
</blockquote>
<pre wrap=""><!---->
I could not find where these advisories are published on their site, I
guess they are not publicly distributed.
</pre>
<pre wrap="">To think that any distribution is affected, simply
because they do not publicly state they are not, is a bad habit.
</pre>
</blockquote>
< ....... ><br>
<br>
<blockquote cite="mid:200805171315.07254.rbu@g.o" type="cite">
<pre wrap="">Regards,
Robert // Gentoo Security
</pre>
</blockquote>
<br>
It's something of a "lesser of two evils" situation. In the absence of
evidence either way, the only habit that would be worse is assuming
that any distribution is not affected, simply because they do not
publicly state that they are. Having said that, it's good to know that
apparently Gentoo is not impacted.<br>
<br>
<br>
<br>
</body>
</html>
|
|
