On Tue, Oct 17, 2017 at 1:31 PM, Michael Scherer <msche...@redhat.com> wrote:
> Le mardi 17 octobre 2017 à 18:56 +0900, Marc Dequènes (Duck) a écrit : > > Quack, > > > > So the news (thanks Misc for the alert): > > > > https://www.infineon.com/cms/en/product/promopages/rsa-update/rsa-bac > > kground > > > > This affects Yubikeys and other hardware: > > https://www.yubico.com/support/security-advisories/ysa-2017-01/ > > > > There's a nice tool to test if a key is vulnerable: > > https://github.com/crocs-muni/roca > > > > I tested keys in the oVirt Puppet repository and none are affected. > > > > You may check your other keys and ensure keys are checked in other > > projects. > > Ideally, if someone could verify the key in Gerrit, it would be > helpful. I removed mine, but I suspect i am not the only one who tried > to follow best practices :) > If you run the tool locally on your .ssh/ dir, it should include already the public key you have on Gerrit no? We'll need to check if its possible to run that tool on Gerrit and if the keys are even stored on the fs and not inside the Gerrit DB. > > > Debian, Github and Fedora did sent alert to people affected, and I am > in the process of changing my key from the 50 to 60 place where I used > it and I assume most affected people will be aware somehow, but > automated removal from vulnerable systems would surely help. > > -- > Michael Scherer > Sysadmin, Community Infrastructure and Platform, OSAS > > > _______________________________________________ > Infra mailing list > Infra@ovirt.org > http://lists.ovirt.org/mailman/listinfo/infra > > -- Eyal edri MANAGER RHV DevOps EMEA VIRTUALIZATION R&D Red Hat EMEA <https://www.redhat.com/> <https://red.ht/sig> TRIED. TESTED. TRUSTED. <https://redhat.com/trusted> phone: +972-9-7692018 irc: eedri (on #tlv #rhev-dev #rhev-integ)
_______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
