-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Simetrical:
> they were created on a vulnerable OpenSSL version not on the
> toolserver. Given that Brion disabled some people's commit keys, I
> take it that it's possible to tell whether a key is compromised just
> by examining the public key. Do you plan to do that, or allow people
> with compromised keys to continue to log in? Or is that a false
> dilemma?
as you can read in my previous mail to the list (a couple of minutes ago)
affected keys have been disabled. however, not all broken keys can be
detected automatically, just most of them.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)
iEYEARECAAYFAkgq6iMACgkQIXd7fCuc5vIAIgCgoJRAebBKLeZN22BD+Wae9spF
PPMAoIZfAWrI+c4rGGvHB4Zka7dr/EZD
=XxiO
-----END PGP SIGNATURE-----
_______________________________________________
Toolserver-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/toolserver-l
