oss-sec mailing list archives
Re: PostgreSQL insecure install via yum (multiple problems)
From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Tue, 20 Aug 2013 14:56:00 -0400
On 08/20/2013 12:11 AM, Kurt Seifried wrote:
Dunno who to ask, so adding Scrye: can we make sure Google indexes the Fedora key server? This actually raises a good point, what are the key servers now? The big 3 used to be: http://pgp.mit.edu/ http://keyserver.pgp.com/ http://sks-keyservers.net/
None of the above represent the dominant set of keyservers currently actively gossiping on the 'net today. Probably the best mechanism to track actively-syncing peers is pool.sks-keyservers.net (*not* sks-keyservers.net on its own). The various pools in the pool.sks-keyservers.net subzones are well-maintained DNS round-robins. for more details, see: http://sks-keyservers.net/overview-of-pools.php If you want to discuss the keyserver network, the dominant keyserver implementation (SKS) or the DNS pools, the best place to do so is: SKS development list <sks-devel () nongnu org> GnuPG's default keyserver of keys.gnupg.net is now a CNAME for pool.sks-keyservers.net, fwiw. --------------- I agree with Moritz Naumann's analysis of the weakness of the postgresql RPM key overall -- a 5.5 year-old 1024-bit DSA key is probably not appropriate for use any more. If the psql RPM folks are going to do any work to improve this, they're probably better off starting with a new, strong key entirely. If they want to upgrade their key but don't want to change their documentation at all, they can contact me off-list and i'll help them generate a 4096-bit RSA key that has the matching short keyID, since short keyIDs are trivial to spoof these days :P --dkg
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- PostgreSQL insecure install via yum (multiple problems) Kurt Seifried (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Landon Hurley (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Kurt Seifried (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Eric H. Christensen (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Kurt Seifried (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Kevin Fenzi (Aug 19)
- Re: [pgsql-security] Re: [oss-security] PostgreSQL insecure install via yum (multiple problems) Magnus Hagander (Aug 20)
- Re: PostgreSQL insecure install via yum (multiple problems) Daniel Kahn Gillmor (Aug 20)
- Re: PostgreSQL insecure install via yum (multiple problems) Moritz Naumann (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Kurt Seifried (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Landon Hurley (Aug 19)