[OT] Re: Infrastructer back online?
Greetings, On Sat, Januar 10 2004 at 04:22 Matt Zimmerman wrote: On Sat, Jan 10, 2004 at 03:22:15AM +, Nick Boyce wrote: On Wed, 7 Jan 2004 19:43:02 -0800, Matt Zimmerman wrote: On Thu, Jan 08, 2004 at 04:08:23AM +0100, Martin Helas wrote: Am Mi Jan 07, 2004 at 06:5432 -0800 gab Matt Zimmerman [EMAIL PROTECTED] von sich: On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: noticing the increasing amount of secure-adv I'd like to ask, wheter the buid-deamons are back or wheter another issue is increasing the amount of advs rapidly. Everything is working again. what's about p.d.o ? There is more than one p.d.o and only one of them is not operational. That has nothing to do with security, thankfully. Erm .. people.debian.org is back online, though some people seem to be missing from it. And packages.debian.org is still offline, Any guesses when he is inspected to be only again? Is it going to to take days or weeks? Keep smiling yanosz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
gpg -- duplicated key -- how to get rid of it?
-BEGIN PGP SIGNED MESSAGE- Dear all, when I switched from my pgp 2.x installation a couple of years ago, obviously I made a mistake, at least I do not know what I made wrong... However, I get the following message all the time I refresh-keys: uccellina:~/Conf!80 gpg --refresh-keys [EMAIL PROTECTED] gpg: refreshing 1 key from wwwkeys.ch.pgp.net gpg: key D20BA2ED: duplicated user ID detected - merged gpg: key D20BA2ED: Lukas Ruf (PGP 2.x) [EMAIL PROTECTED] not changed gpg: Total number processed: 1 gpg: unchanged: 1 I fiddled around with 'edit-key' -- but could not manage to get rid of the duplicated user ID. So, my question: does anyone know a) what I did the wrong way? b) what I need to do to get rid of this error? Thanks for any enlightenment! wbr, Lukas - -- Lukas Ruf | Wanna know anything about raw | http://www.lpr.ch | IP? - http://www.rawip.org | eMail Style Guide: http://www.rawip.org/style.html| -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iQCVAwUBQAAGQmg5P0zSC6LtAQGmzgP/ZCI6sT3oUrwE0nGbbw1Fs2l+wO+cOBRG cUZAIatwd9f0GoEJC6EkYIlWfq88osGLyhhUrvzthRHF4m+CgLTbyxtw3cXfMaxL 7u0LbupydPH0KxHYSwR7DzFYAq7FkFGqWcE8zLZ+lZFFZC/3Noov6wbPIg2TVZza xfzc/RS9hxE= =fS5o -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: gpg -- duplicated key -- how to get rid of it?
/ 2004-01-10 15:03:46 +0100 \ Lukas Ruf: when I switched from my pgp 2.x installation a couple of years ago, obviously I made a mistake, at least I do not know what I made wrong... However, I get the following message all the time I refresh-keys: uccellina:~/Conf!80 gpg --refresh-keys [EMAIL PROTECTED] gpg: refreshing 1 key from wwwkeys.ch.pgp.net gpg: key D20BA2ED: duplicated user ID detected - merged gpg: key D20BA2ED: Lukas Ruf (PGP 2.x) [EMAIL PROTECTED] not changed gpg: Total number processed: 1 gpg: unchanged: 1 I fiddled around with 'edit-key' -- but could not manage to get rid of the duplicated user ID. So, my question: does anyone know a) what I did the wrong way? b) what I need to do to get rid of this error? make a backup of your key ring read /usr/share/doc/packages/gpg/DETAILS or wherever that is on your box, try gpg --list-keys --with-colons, which should make it easier to find what exactly may be wrong use gpg --delete-key fingerprint to get rid of the key, if you really mean it if unlikely and inconvenient, it still may be legal to have duplicate UIDs ... Lars Ellenberg -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[OT] Re: Infrastructer back online?
Greetings, On Sat, Januar 10 2004 at 04:22 Matt Zimmerman wrote: On Sat, Jan 10, 2004 at 03:22:15AM +, Nick Boyce wrote: On Wed, 7 Jan 2004 19:43:02 -0800, Matt Zimmerman wrote: On Thu, Jan 08, 2004 at 04:08:23AM +0100, Martin Helas wrote: Am Mi Jan 07, 2004 at 06:5432 -0800 gab Matt Zimmerman [EMAIL PROTECTED] von sich: On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: noticing the increasing amount of secure-adv I'd like to ask, wheter the buid-deamons are back or wheter another issue is increasing the amount of advs rapidly. Everything is working again. what's about p.d.o ? There is more than one p.d.o and only one of them is not operational. That has nothing to do with security, thankfully. Erm .. people.debian.org is back online, though some people seem to be missing from it. And packages.debian.org is still offline, Any guesses when he is inspected to be only again? Is it going to to take days or weeks? Keep smiling yanosz
Re: gpg -- duplicated key -- how to get rid of it?
/ 2004-01-10 15:03:46 +0100 \ Lukas Ruf: when I switched from my pgp 2.x installation a couple of years ago, obviously I made a mistake, at least I do not know what I made wrong... However, I get the following message all the time I refresh-keys: uccellina:~/Conf!80 gpg --refresh-keys [EMAIL PROTECTED] gpg: refreshing 1 key from wwwkeys.ch.pgp.net gpg: key D20BA2ED: duplicated user ID detected - merged gpg: key D20BA2ED: Lukas Ruf (PGP 2.x) [EMAIL PROTECTED] not changed gpg: Total number processed: 1 gpg: unchanged: 1 I fiddled around with 'edit-key' -- but could not manage to get rid of the duplicated user ID. So, my question: does anyone know a) what I did the wrong way? b) what I need to do to get rid of this error? make a backup of your key ring read /usr/share/doc/packages/gpg/DETAILS or wherever that is on your box, try gpg --list-keys --with-colons, which should make it easier to find what exactly may be wrong use gpg --delete-key fingerprint to get rid of the key, if you really mean it if unlikely and inconvenient, it still may be legal to have duplicate UIDs ... Lars Ellenberg
Re: Infrastructer back online?
On Fri, Jan 09, 2004 at 10:51:55PM -0500, Tim Cunningham wrote: On Sat, 10 Jan 2004 03:22:15 + Nick Boyce [EMAIL PROTECTED] wrote: Which is the announcement about the November compromise. That makes it sound like it _is_ a security issue .. I think he ment that it wasn't important to maintaining the security of Debian. maybe, but when I read this: On Wed, Jan 07, 2004 at 06:54:32PM -0800, Matt Zimmerman wrote: On Wed, Jan 07, 2004 at 10:35:30PM +0100, Jan L??hr wrote: noticing the increasing amount of secure-adv I'd like to ask, wheter the buid-deamons are back or wheter another issue is increasing the amount of advs rapidly. Everything is working again. I have to think I'm either missing the meaning of everything or working. esp when I look on packages.debian.org, which I would intuitively refer to as the debian archive. Does this mean everything is correctly under construction? -- and I needn't worry about anything I cannot make sense of? (Things will only get better now..) I certainly feel I'm being wedged into the same corner as when I got security urgency=high updates before security.debian.org was taken off line and an announcement that debian.org was compromised. (Compulsion to audit _everything_.) But I did later learn that all that coincided with r2 (the new packages wern't urgent and all the urgent packages where old updates), and therefore I was current and safe through it, even though I didn't get an r2 announcement, or timely supplementary info. Maybe my nerves would have been calmer if I was following IRC, where I guess the news was? Hey, what happened, happened. My point is that even if there was no more information or more timely distribution of technical facts, more verbosity as to threat assessment, hypothesis and conclusion, would have made a world of difference for the humans depending on the debian integrity; via third party website or otherwise. If that can be accepted, then my second observation is the complete lack of post mortem commentary of the forensics used. What percentage of debian users know how to mount -oloop a dd image? What _is_ the next step? In the spirit of GNU/debian I would hope the technical leads would have some volition to mentor less skilled admins on the techniques used to unwind the messr. I haven't _looked_ for post mortem notes but I'm surprised not to have so much as heard that they are around. // George -- GEORGE GEORGALIS, System Admin/Architectcell: 646-331-2027IXOYE Security Services, Web, Mail,mailto:[EMAIL PROTECTED] Multimedia, DB, DNS and Metrics. http://www.galis.org/george
gpg -- duplicated key -- how to get rid of it?
-BEGIN PGP SIGNED MESSAGE- Dear all, when I switched from my pgp 2.x installation a couple of years ago, obviously I made a mistake, at least I do not know what I made wrong... However, I get the following message all the time I refresh-keys: uccellina:~/Conf!80 gpg --refresh-keys [EMAIL PROTECTED] gpg: refreshing 1 key from wwwkeys.ch.pgp.net gpg: key D20BA2ED: duplicated user ID detected - merged gpg: key D20BA2ED: Lukas Ruf (PGP 2.x) [EMAIL PROTECTED] not changed gpg: Total number processed: 1 gpg: unchanged: 1 I fiddled around with 'edit-key' -- but could not manage to get rid of the duplicated user ID. So, my question: does anyone know a) what I did the wrong way? b) what I need to do to get rid of this error? Thanks for any enlightenment! wbr, Lukas - -- Lukas Ruf | Wanna know anything about raw | http://www.lpr.ch | IP? - http://www.rawip.org | eMail Style Guide: http://www.rawip.org/style.html| -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iQCVAwUBQAAGQmg5P0zSC6LtAQGmzgP/ZCI6sT3oUrwE0nGbbw1Fs2l+wO+cOBRG cUZAIatwd9f0GoEJC6EkYIlWfq88osGLyhhUrvzthRHF4m+CgLTbyxtw3cXfMaxL 7u0LbupydPH0KxHYSwR7DzFYAq7FkFGqWcE8zLZ+lZFFZC/3Noov6wbPIg2TVZza xfzc/RS9hxE= =fS5o -END PGP SIGNATURE-
