-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 05/11/2014 10:43 PM, Kristian Fiskerstrand wrote: > On 05/06/2014 02:55 PM, Jeremy T. Bouse wrote: >> On 05/06/2014 05:08 AM, Kristian Fiskerstrand wrote: >>> Dear lists, >>> >>> Following the release of SKS 1.1.5[0] the following changes >>> will be made to the pools of sks-keyservers.net >>> >>> subset.pool.sks-keyservers.net has been set to a minimum >>> requirement of SKS 1.1.5 with immediate effect. >>> >>> Due to CVE-2014-3207[1] I want to bump >>> hkps.pool.sks-keyservers.net to a requirement of 1.1.5 as this >>> can potentially be in another security context / zone, however >>> I'm giving this a grace period of (at least) 45-60 days to >>> allow server administrators to upgrade their servers. > > In recognition of package-maintainers backporting the security > fixes to older versions of SKS for stable systems I'm revising the > latter statement a bit. I have now implemented a test for affected > servers instead of relying on the version information. This is > currently active, and non-patched servers in the HKPS pool should > now show up with an orange flag for the HKPS column. >
Adding to that, this would also keep servers that are protected due to the reverse proxy configuration remaining. - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- Ad astra per aspera To the stars through thorns -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTb+k3AAoJEPw7F94F4TagWbIP/RI6lnVk9SqhcXUdPK5yPaHp 1Nd2ab9b9lSR1zr9WXLmjVmULDjSRI9Fi+iWw9N7LbKaLboB+uGfzKZcbNJES9Ar PzWBo7I+K4k/HTYJYxfFdvS8VTmaHN5O5rEz4rm+YtIlM2qWUuju5vxFJ3vsdMvF 6dfXvzcP77/whd9yTQJYHDxZpERC+Eqf203DDHS2tFR6pBxQb9ZWsu9klRVmAkLi bfXEPI2hhfPqon00X0meyPBYJ66hahJvPOLlLAtyIGc3aDpJmQS5nubKb9hahSgf ucjPfMBAl+J47ZVcabnjlCOuVNdfqXSKfryxV14i6RmT5uBmA+6+3JL4f+e0XrNq 6T2LBpyQiGWzC4iSA35dSdpA96S/izHyLMbrHK0YBZ80SglzFE4e9MssM0dG0W5f LxM0uY5Hicym0P91TjGA1n5wQMMPMCXCiivmrqSYkrLRvizVGydX0xlIlg+/9M+N IO0jN2T/yRRMJ5cAiGW6SiUhCottTQjBhxLABR4bDHfaBqC9Ok0Knsqc+In4kd3z QH+Qhs7nhhb2cDXOFXhkUM3+lJi15nzGxFSEZPmjEu5nEeOJV12fOGGjwrnaLvE8 XvDTTRkF4PXFr6hJtIZAx+YeqGDUS1X92+op1CJ+YTRZgySAeAEuTiVY8X25zds5 5VOUYTzUY9PObgBAZBaq =CDWl -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel