On 26/08/14 14:44, Mohammed umar Sheriff wrote:
An online version of GNU PGP signature creation will be very
helpful.My laptop is not booting since
i used GNU PGP.
On Tue, Aug 26, 2014 at 5:30 PM,
<security-team-request(a)lists.fedoraproject.org
<mailto:security-team-request@lists.fedoraproject.org>> wrote:
Send security-team mailing list submissions to
security-team(a)lists.fedoraproject.org
<mailto:security-team@lists.fedoraproject.org>
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.fedoraproject.org/mailman/listinfo/security-team
or, via email, send a message with subject or body 'help' to
security-team-request(a)lists.fedoraproject.org
<mailto:security-team-request@lists.fedoraproject.org>
You can reach the person managing the list at
security-team-owner(a)lists.fedoraproject.org
<mailto:security-team-owner@lists.fedoraproject.org>
When replying, please edit your Subject line so it is more specific
than "Re: Contents of security-team digest..."
Today's Topics:
1. Re: Duplicate bugs or? (Eric H. Christensen)
----------------------------------------------------------------------
Message: 1
Date: Mon, 25 Aug 2014 11:03:19 -0400
From: "Eric H. Christensen" <sparks(a)fedoraproject.org
<mailto:sparks@fedoraproject.org>>
To: Fedora Security Team
<security-team(a)lists.fedoraproject.org
<mailto:security-team@lists.fedoraproject.org>>
Subject: Re: Duplicate bugs or?
Message-ID: <20140825150319.GB4250(a)localhost.localdomain>
Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed
On Sat, Aug 23, 2014 at 10:03:59PM -0400, David Cafaro wrote:
> Was looking over Torque bugs (I have one I'm working on), and
noticed these two which are fst_owner=Sparks:
Yeah, I had grabbed them as a result of them being EPEL orphans.
>
https://bugzilla.redhat.com/show_bug.cgi?id=1098583
>
https://bugzilla.redhat.com/show_bug.cgi?id=1098584
> They appear to be duplicates of each other. The both refer to the
same CVE and say they cover EPEL-ALL (yet both list EL6 as version).
Because of limited functionality in BZ, when a vulnerability affects
all EPEL versions a single ticket is opened (EPEL-ALL) but the version
is the latest version seen (in this case el6).
> Am I missing something or are they duplicates? Or should one cover EL5?
These do appear to be duplicates. This could have been a script
error. Since these tickets were opened back in May I suspect the
problem has been remedied but I'll verify. Thanks for bringing this
to my attention.
-- Eric
--------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org <mailto:sparks@fedoraproject.org> -
sparks(a)redhat.com <mailto:sparks@redhat.com>
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
--------------------------------------------------
Mohammed,
First of all, we do not use PGP, we use GnuPG (GPG), which are two very
distinct applications with their own issues.
Secondly, an online signature generation would be a potential security
issue, as keys to generate the signature would have to be stored online
too. Keys should be securely stored on a users keyring, and that keyring
should preferably be stored off a computer system anyway, for example
using a smartcard.
Thirdly, I doubt very much that GnuPG (GPG) would make your system
unbootable, which leads me to an earlier point of, if people gain access
to your computing device, your keys are not safe.
Did somebody exploit your system ? Or did you mess about ?
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org