but surely, can't all the keys people are using for logging in been compromized?
On Tue, May 13, 2008 at 2:53 PM, River Tarnell <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > anyone who has used hemlock to generate cryptographic keys (e.g. SSL > certificates or SSH keys), or used keys generated elsewhere on > hemlock, should be aware of this Debian security advisory: > > http://lists.debian.org/debian-security-announce/2008/msg00152.html > > such keys should be considered compromised, and replaced with newly > generated keys. the version of OpenSSL currently installed on > hemlock is not affected by this problem. > > this does not affect keys generated or used on the stable server. > > - river. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (MingW32) > > iD8DBQFIKY9FIXd7fCuc5vIRAlugAKCFXJwNlKw+iLWwGo/5yQCHO43LcgCfV19J > XpAR+TE9OFKv0TvF4a3yfdI= > =cZ29 > -----END PGP SIGNATURE----- > > > _______________________________________________ > Toolserver-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/toolserver-l > -- /Carl Fürstenberg <[EMAIL PROTECTED]> _______________________________________________ Toolserver-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/toolserver-l
