[Bug 1216293] New: fdo-client: package ships private keys
https://bugzilla.suse.com/show_bug.cgi?id=1216293 Bug ID: 1216293 Summary: fdo-client: package ships private keys Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: All Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs@suse.de Reporter: bwiedemann@suse.com QA Contact: qa-bugs@suse.de CC: jsegitz@suse.com, schubi@suse.com Target Milestone: --- Found By: Development Blocker: --- While working on reproducible builds for openSUSE, I found that our fdo-client package ships 3 random private key files. If these private keys are used, they are not secure and some other way should be implemented. And if they are not used, they should be dropped. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1216293 https://bugzilla.suse.com/show_bug.cgi?id=1216293#c13 Stefan Schubert <schubi@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(schubi@suse.com) | --- Comment #13 from Stefan Schubert <schubi@suse.com> --- (In reply to Alexander Bergmann from comment #12)
I've just checked and it looks like the version of fdo-client in ALP is still affected by this. Please submit there as well.
SUSE:ALP:Source:Standard:1.0 fdo-client
As far I see, it is meanwhile there. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com