Hi Chris & List,

f.y.i.: the post you linked got retracted by the author because, as he states, he misread the code and interpreted it in a wrong way.

Best regards,
Matthias Niethammer

2014-04-09 21:21 GMT+02:00 Chris Frederick <cdf...@cdf123.net>:

> On 04/09/14 12:01, Luis Ressel wrote:
>
>> On Wed, 09 Apr 2014 18:39:41 +0200
>> Jo <s...@riseup.net> wrote:
>>
>>> I'm a bit concerned about the signing keys of the portage tree
>>> releases, I know that gpg is not the same as openssl but keeping in
>>> mind that SSH, VPN, HTTPS keys might be compromised for two years,
>>> don't you think it's a healthy measure to generate a new pair of keys?
>>
>> SSL certificates and credentials transmitted via SSL on affected servers
>> should be renewed, but other than that, there's not that much to worry
>> about as some people think.
>
> It's worth a trip to
> http://blog.erratasec.com/2014/04/why-heartbleed-doesnt-leak-private-key.html
>
> It's not impossible that ssl keys could be compromised, but in most cases
> it shouldn't happen.
>
> Chris