Le mardi 17 octobre 2017 à 18:56 +0900, Marc Dequènes (Duck) a écrit : > Quack, > > So the news (thanks Misc for the alert): > > https://www.infineon.com/cms/en/product/promopages/rsa-update/rsa-bac > kground > > This affects Yubikeys and other hardware: > https://www.yubico.com/support/security-advisories/ysa-2017-01/ > > There's a nice tool to test if a key is vulnerable: > https://github.com/crocs-muni/roca > > I tested keys in the oVirt Puppet repository and none are affected. > > You may check your other keys and ensure keys are checked in other > projects.
Ideally, if someone could verify the key in Gerrit, it would be helpful. I removed mine, but I suspect i am not the only one who tried to follow best practices :) Debian, Github and Fedora did sent alert to people affected, and I am in the process of changing my key from the 50 to 60 place where I used it and I assume most affected people will be aware somehow, but automated removal from vulnerable systems would surely help. -- Michael Scherer Sysadmin, Community Infrastructure and Platform, OSAS
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra