Greetings, Will we get an online update to blacklist the keys generated on debian prior to their recent openssl update[0] ? As lots of people use Debian and derivatives such as Ubuntu I expect that quite a number of people will be using keys generated on these to connect to suse servers. Therefore, unless the weak keys are blacklisted on the suse servers, the servers are made vulnerable by this exploit. Since the exploit is so public, presumably it would be prudent to push out an online update that blacklists the keys that would make people's machines vulnerable? Apologies if I have missed the update, I can't see it in the released updates or publictest. [0] http://lists.debian.org/debian-security-announce/2008/msg00152.html -- Benjamin Weber --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org