Gentoo Archives: gentoo-security

From: Luis Ressel <aranea@×××××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Regeneration of gpg keys after HeartBleed
Date: Wed, 09 Apr 2014 17:02:06
Message-Id: 20140409190116.1d973698@gentp.lnet
In Reply to: [gentoo-security] Regeneration of gpg keys after HeartBleed by Jo
1 On Wed, 09 Apr 2014 18:39:41 +0200
2 Jo <saos@××××××.net> wrote:
4 > I'm a bit concerned about the signing keys of the portage tree
5 > releases, I know that gpg is not the same as openssl but keeping in
6 > mind that SSH, VPN, HTTPS keys might be compromised for two years,
7 > don't you think it's a healthy measure to generate a new pair of keys?
9 It seems highly unlikely that GPG keys got compromised. This could only
10 have happened if either private GPG keys were transmitted via an
11 OpenSSL encrypted connection, or if the information leak created a
12 secondary attack vector.
14 SSL certifcates and credentials transmitted via SSL on affected servers
15 should be renewed, but other than that, there's not that much to worry
16 about as some people think.
19 Regards,
20 Luis Ressel


File name MIME type
signature.asc application/pgp-signature


Subject Author
Re: [gentoo-security] Regeneration of gpg keys after HeartBleed Chris Frederick <cdf123@××××××.net>