
Re: [buildd] Implications of DSA-1571-1



On Tue, May 13, 2008 at 08:00:53PM +0200, Ingo Juergensmann wrote:
> Hi!
> 
> http://lists.debian.org/debian-security-announce/2008/msg00152.html
> 
> The latest SSL remote "problem" has some serious issues for the buildds: 
> 
> | Permission denied (publickey,keyboard-interactive).
> | May 13 18:02:27 buildd: wanna-build --list=needs-build --dist=unstable
> | failed; status 255/0
> 
> Because all *.d.o machines have disabled SSH pub key logins now, no
> buildd is able to build packages anymore - until the new SSL version is
> installed and all buildds have regenerated keys and have those keys uploaded
> and installed on the wanna-build host again. 
> 
> Well, those machines that were installed before etch should be safe. Can
> anyone confirm this?

Only if you have an RSA key. DSA (as in, Digital Signature Algorithm)
keys should be considered compromised, too, since they use the OpenSSL
randomizer, which is buggy.

DSA (as in, Debian System Administration) is however aware of the
problem, and it should probably be fair to say that they'll give this
higher priority than other issues currently.

> Is there already a fixed version available in etch-m68k?

Not that I know of. We should work on that.

-- 
<Lo-lan-do> Home is where you have to wash the dishes.
  -- #debian-devel, Freenode, 2004-09-22

