[Hampshire] OpenSSL in Debian is broken

Startseite
Autor: Hugo Mills
Datum:  
To: Hants LUG
Betreff: [Hampshire] OpenSSL in Debian is broken

Nachricht beantworten
gpg: failed to create temporary file '/var/lib/lurker/.#lk0x57f49100.hantslug.org.uk.30940': Permission denied
gpg: keyblock resource '/var/lib/lurker/pubring.gpg': Permission denied
gpg: Signature made Tue May 13 13:34:04 2008 BST
gpg: using DSA key 20ACB3BE515C238D
gpg: Can't check signature: No public key
All -

This is kind of related to my talk on Saturday, but is important in
its own right:

http://lists.debian.org/debian-security-announce/2008/msg00152.html

Basically, Debian managed to introduce a bug into their OpenSSL
packages a couple of years ago that made the "random" numbers it
generates predictable. This is a Bad Thing. They're recommending
regenerating *all* of the cryptographic keys, certificates and
signatures that you've made with the affected versions. See the link
for more details.

Hugo.

-- 
=== Hugo Mills: hugo@... carfax.org.uk | darksatanic.net | lug.org.uk ===
  PGP key: 515C238D from wwwkeys.eu.pgp.net or http://www.carfax.org.uk
                   --- Ceci n'est pas une pipe:  | ---