Gentoo Archives: gentoo-security

From: Byron <negentropy@×××××××.net>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] ssl weak key generation (supposed to effect only debian)
Date: Sun, 18 May 2008 01:11:39
Message-Id: 482F8220.7090207@verizon.net
In Reply to: Re: [gentoo-security] ssl weak key generation (supposed to effect only debian) by Robert Buchholz
Robert Buchholz wrote:
> Hi Peter, > > On Saturday, 17. May 2008, Peter Schneider-Kamp wrote: > >> the recently publicized SSL weak key generation for debian-based systems >> (c.f. http://www.debian.org/security/key-rollover/) >> has lead our university computing center to retract our >> Gentoo-generated SSL keys based on an advisory from the German >> DFN cert :-( >> > > I could not find where these advisories are published on their site, I > guess they are not publicly distributed. > > > > To think that any distribution is affected, simply > because they do not publicly state they are not, is a bad habit. > > >
< ....... >
> Regards, > Robert // Gentoo Security >
It's something of a "lesser of two evils" situation. In the absence of evidence either way, the only habit that would be worse is assuming that any distribution is not affected, simply because they do not publicly state that they are. Having said that, it's good to know that apparently Gentoo is not impacted.

Replies