Gentoo Archives: gentoo-security

From: Alex Legler <a3li@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Regeneration of gpg keys after HeartBleed
Date: Mon, 14 Apr 2014 21:55:13
In Reply to: [gentoo-security] Regeneration of gpg keys after HeartBleed by Jo
1 On 09.04.2014 18:39, Jo wrote:
2 > Hi all, this is my first post in this list, so again Hi all!
3 >
4 > I'm a bit concerned about the signing keys of the portage tree releases,
5 > I know that gpg is not the same as openssl but keeping in mind that SSH,
6 > VPN, HTTPS keys might be compromised for two years, don't you think it's
7 > a healthy measure to generate a new pair of keys?
9 GPG private keys are kept and used nowhere near any server processes,
10 not transferred via HTTPS or any VPNs, and SSH is not affected. I don't
11 see an immediate need to rotate them.
13 --
14 Alex Legler <a3li@g.o>
15 Gentoo Security/Ruby/Infrastructure


File name MIME type
signature.asc application/pgp-signature


Subject Author
Re: [gentoo-security] Regeneration of gpg keys after HeartBleed Rich Freeman <rich0@g.o>