[Ambassadors] Debian Bug Leaves Private SSL/SSH Keys Guessable
Benjamin Lewis
ben.lewis at benl.co.uk
Thu May 15 19:59:17 UTC 2008
On Thursday 15 May 2008 20:55:04 Matt Domsch wrote:
> On Thu, May 15, 2008 at 12:34:55PM +0200, Elio Tondo wrote:
> > Sorry if this is somewhat off-topic, but it's good to know that Fedora is
> > immune from this bug... "This problem not only affects Debian, but also
> > all its derivatives, such as Ubuntu."
> >
> > http://it.slashdot.org/article.pl?sid=08/05/13/1533212&from=rss
>
> To be clear, we got lucky on this one. It would be entirely possible
> for us to get caught in the opposite role on another vulnerability.
>
> Vigilance!
>
> --
> Fedora-ambassadors-list mailing list
> Fedora-ambassadors-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-ambassadors-list
Surely our policy of following upstream closely would actually mean that it
would be more likely that _everyone_ gets caught, as Debian (hence Ubuntu)
patch things to a much greater extent?
In any case, this sort of affirms the idea that upstream quite often knows
best in cases like this.
--
Benjamin Lewis
Fedora Ambassador
ben.lewis at benl.co.uk
-----------------------------------------------------------------------
http://benl.co.uk./ PGP Key: 0x647E480C
"In cases of major discrepancy, it is always reality that got it wrong"
-- RFC 1118
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 835 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-ambassadors-list/attachments/20080515/78f4194e/attachment.sig>
More information about the Fedora-ambassadors-list
mailing list