Robert Buchholz wrote:
Hi Peter,
On Saturday, 17. May 2008, Peter Schneider-Kamp wrote:
the recently publicized SSL weak key generation for debian-based systems
(cf. http://www.debian.org/security/key-rollover/)
has led our university computing center to retract our
Gentoo-generated SSL keys based on an advisory from the German
DFN cert :-(
I could not find where these advisories are published on their site, I
guess they are not publicly distributed.
To think that any distribution is affected, simply
because they do not publicly state they are not, is a bad habit.
< ....... >
Regards,
Robert // Gentoo Security
It's something of a "lesser of two evils" situation. In the absence of
evidence either way, the only habit that would be worse is assuming that
any distribution is not affected, simply because they do not publicly
state that they are. Having said that, it's good to know that
apparently Gentoo is not impacted.