Omer Zak wrote:
On Fri, 2008-05-16 at 11:09 +0300, Shachar Shemesh wrote:
I'll try to give context to Amos's message, as I think it is important.
If you are running an ssh server on a machine which is not Debian, and
was never affected by the openssl key generation bug, you may be under
the impression that there is no need to do anything. This is not exactly
the case.
One more piece of context which I feel to be necessary:
Does the vulnerability affect also PGP/GPG keys generated during the
last two years?
If yes, how to invalidate those keys when they are already at large?
--- Omer
The advisory (http://www.debian.org/security/2008/dsa-1571) claims that
GnuPG was not affected.
Shachar
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
