Security Basics mailing list archives
Debian repositories and openssl vulnerability
From: "Bruno G. San Alejo" <bgs1714 () ono com>
Date: Tue, 03 Jun 2008 21:36:13 +0200
Hello there, I have not seen any discussions about how the openssl vulnerability in Debian has impacted the repositories signing method. If the keys were compromised then all the repositories were compromised and all the Debian systems that have been updated from 2006 till now are compromised (theoretically speaking). I'm not too sure abut this, that's why I'm asking. I have family duties and have not much spare time to really look into this. But I've seen no discussion about this and I'm trying to find out if the repositories were not to be trusted for the the last 2 years, and as afar as I know this is a vuln at the random seed level, so it means that the signs were compromised as well. Have fun everyone.
Current thread:
- Debian repositories and openssl vulnerability Bruno G. San Alejo (Jun 03)