Debian repositories and openssl vulnerability
From: "Bruno G. San Alejo" <bgs1714 () ono com>
Date: Tue, 03 Jun 2008 21:36:13 +0200
Hello there, I have not seen any discussions about how the openssl
vulnerability in Debian has impacted the repositories signing method.
If the keys were compromised then all the repositories were
compromised and all the Debian systems that have been updated from
2006 till now are compromised (theoretically speaking).
I'm not too sure about this, that's why I'm asking. I have family
duties and do not have much spare time to really look into this. But I've
seen no discussion about this and I'm trying to find out if the
repositories were not to be trusted for the last 2 years, and as
far as I know this is a vuln at the random seed level, so it means that
the signs were compromised as well.
Have fun everyone.