Re: [Hampshire] OpenSSL in Debian is broken

Author: Hugo Mills
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] OpenSSL in Debian is broken

gpg: Signature made Tue May 13 14:19:04 2008 BST
gpg: using DSA key 20ACB3BE515C238D
On Tue, May 13, 2008 at 08:57:50AM -0400, Andy Random wrote:
>
> On Tue, 13 May 2008, Hugo Mills wrote:
>
> >On Tue, May 13, 2008 at 01:34:04PM +0100, Hugo Mills wrote:
> >> This is kind of related to my talk on Saturday, but is important in
> >>its own right:
> >>
> >>http://lists.debian.org/debian-security-announce/2008/msg00152.html
> [SNIP]
> > Sorry, forgot to mention -- this affects SSH, OpenVPN, DNSSEC and
> >all X.509 certificates and sessions. It doesn't affect GPG keys,
> >fortunately.
>
> Quoting from the link above "This is a Debian-specific vulnerability which
> does not affect other operating systems which are not based on Debian."
>
> I assume this means that Ubuntu, Mepis and other Debian derivatives also
> suffer the same issue? If so I hope they will be pushing through security
> updates ASAP...


I think that unless you hear otherwise, it's best to assume that
they're affected. You could always get hold of the vulnerability
tester given in the advisory and check your keys.

Hugo.

-- 
=== Hugo Mills: hugo@... carfax.org.uk | darksatanic.net | lug.org.uk ===
  PGP key: 515C238D from wwwkeys.eu.pgp.net or http://www.carfax.org.uk
       --- Someone's been throwing dead sheep down my Fun Well ---