A vulnerability was discovered in Debian Etch's OpenSSL package: http://lists.debian.org/debian-security-announce/2008/msg00152.html
This means that keys generated under this platform version are weak, and easily crackable. Consequently we've run the dowkd.pl tool and disabled keys considered weak. They are marked as '# WEAK KEY' in the Savannah interface. Please remove or regenerate these keys (after upgrading your openssl package); we also suggest you look for other places where these keys were used, and replace them there too. The Savannah SSH host keys (cvs/git/arch/download.savannah.gnu.org) predate Etch and are not impacted. The savannah.gnu.org and savannah.nongnu.org https keys were generated through GnuTLS and are not impacted. _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/
