Re: Key rollover instructions

To: debian-www@lists.debian.org, team@security.debian.org
Subject: Re: Key rollover instructions
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 14 May 2008 23:23:56 +0200
Message-id: <[🔎] 20080514212356.GA3735@galadriel.inutil.org>
In-reply-to: <[🔎] 20080514182948.GA7476@kodama.kitenet.net>
References: <[🔎] 20080514172936.GA3574@galadriel.inutil.org> <[🔎] 20080514182948.GA7476@kodama.kitenet.net>

On Wed, May 14, 2008 at 02:29:48PM -0400, Joey Hess wrote:
> Moritz Muehlenhoff wrote:
> > Dear Web Team,
> > please fold in the information for the key rollover into the
> > website. The Security Team will collect and prepare information
> > through the wiki and by contacting maintainers and
> > send finalised instructions to you in regular intervals.
> > 
> > I think we should have an alphabetical list and a separate
> > page of packages known not to be vulnerable.
> 
> I've committed an initial pass at this to CVS.

Thanks, there's more to come soon.

> Did put an alphabetical
> list at the top, but don't have a list of vulnerable packages included yet.
> (Afaik that list only needs gnupg, and some crypto filesystems on it?)

I think we should set the hurdle of understanding rather low.
E.g. MySQL uses OpenSSL for most distributions, while Debian uses
the internal yassl implementation.

I think it would be good to add such information even if strictly
speaking it can be figured out by looking at dependencies.

Or does anyone have concerns the list might become too convoluted?

Cheers,
        Moritz

Reply to:

References:
- Key rollover instructions
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: Key rollover instructions
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: iceweasel x590 vulnerability info
Next by Date: Suggestion...
Previous by thread: Re: Key rollover instructions
Next by thread: iceweasel x590 vulnerability info
Index(es):
- Date
- Thread