gpg: failed to create temporary file '/var/lib/lurker/.#lk0x586ee100.hantslug.org.uk.25667': Permission denied
gpg: keyblock resource '/var/lib/lurker/pubring.gpg': Permission denied
gpg: verify signatures failed: Unknown system error
On Tue, May 13, 2008 at 08:57:50AM -0400, Andy Random wrote:
>
> On Tue, 13 May 2008, Hugo Mills wrote:
>
> >On Tue, May 13, 2008 at 01:34:04PM +0100, Hugo Mills wrote:
> >> This is kind of related to my talk on Saturday, but is important in
> >>its own right:
> >>
> >>http://lists.debian.org/debian-security-announce/2008/msg00152.html
> [SNIP]
> > Sorry, forgot to mention -- this affects SSH, OpenVPN, DNSSEC and
> >all X.509 certificates and sessions. It doesn't affect GPG keys,
> >fortunately.
>
> Quoting from the link above "This is a Debian-specific vulnerability which
> does not affect other operating systems which are not based on Debian."
>
> I assume this means that Ubuntu, Mepis and other Debian derivatives also
> suffer the same issue? If so I hope they will be pushing through security
> updates ASAP...
I think that unless you hear otherwise, it's best to assume that
they're affected. You could always get hold of the vulnerability
tester given in the advisory and check your keys.
Hugo.
--
=== Hugo Mills: hugo@... carfax.org.uk | darksatanic.net | lug.org.uk ===
PGP key: 515C238D from wwwkeys.eu.pgp.net or http://www.carfax.org.uk
--- Someone's been throwing dead sheep down my Fun Well ---
