[opensuse-security] Update to blacklist keys generated on debian?
Greetings, Will we get an online update to blacklist the keys generated on debian prior to their recent openssl update[0] ? As lots of people use Debian and derivatives such as Ubuntu I expect that quite a number of people will be using keys generated on these to connect to suse servers. Therefore, unless the weak keys are blacklisted on the suse servers, the servers are made vulnerable by this exploit. Since the exploit is so public, presumably it would be prudent to push out an online update that blacklists the keys that would make people's machines vulnerable? Apologies if I have missed the update, I can't see it in the released updates or publictest. [0] http://lists.debian.org/debian-security-announce/2008/msg00152.html -- Benjamin Weber --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Benji Weber wrote:
Will we get an online update to blacklist the keys generated on debian prior to their recent openssl update[0] ?
We have no plans to do that yet. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (2)
-
Benji Weber
-
Ludwig Nussel