[Ambassadors] Debian Bug Leaves Private SSL/SSH Keys Guessable

Benjamin Lewis ben.lewis at benl.co.uk
Thu May 15 19:59:17 UTC 2008

On Thursday 15 May 2008 20:55:04 Matt Domsch wrote:
> On Thu, May 15, 2008 at 12:34:55PM +0200, Elio Tondo wrote:
> > Sorry if this is somewhat off-topic, but it's good to know that Fedora is
> > immune from this bug... "This problem not only affects Debian, but also
> > all its derivatives, such as Ubuntu."
> >
> > http://it.slashdot.org/article.pl?sid=08/05/13/1533212&from=rss
> To be clear, we got lucky on this one.  It would be entirely possible
> for us to get caught in the opposite role on another vulnerability.
> Vigilance!
> --
> Fedora-ambassadors-list mailing list
> Fedora-ambassadors-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-ambassadors-list

Surely our policy of following upstream closely would actually mean that it 
would be more likely that _everyone_ gets caught, as Debian (hence Ubuntu) 
patch things to a much greater extent?

In any case, this sort of affirms the idea that upstream quite often knows 
best in cases like this.


Benjamin Lewis
Fedora Ambassador
ben.lewis at benl.co.uk

http://benl.co.uk./                                 PGP Key: 0x647E480C

"In cases of major discrepancy, it is always reality that got it wrong"
                                                        -- RFC 1118
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 835 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-ambassadors-list/attachments/20080515/78f4194e/attachment.sig>

More information about the Fedora-ambassadors-list mailing list