Hello Cosign, As folks are working on mitigating the heartbleed bug, I wanted to inquire about the exposure on the service provider side of things. Once the cosignd side of things are mitigated as necessary what does the service provider side of the problem look like?
I expect the cosign service private key could potentially be exposed on affected systems. Is that accurate? If that is the case, I expect re-issuing the service certificates (after updating openssl) is the correct action. Thanks, John ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss
