On 26/08/14 14:44, Mohammed umar Sheriff wrote:
> An online version of GNU PGP
signature creation will be very helpful.My laptop is not booting
since i used GNU PGP.
>
>
> On Tue, Aug 26, 2014 at 5:30 PM,
<security-team-request@lists.fedoraproject.org
<mailto:security-team-request@lists.fedoraproject.org>>
wrote:
>
> Send security-team mailing list submissions to
> security-team@lists.fedoraproject.org
<mailto:security-team@lists.fedoraproject.org>
>
> To subscribe or unsubscribe via the World Wide Web, visit
>
https://lists.fedoraproject.org/mailman/listinfo/security-team
> or, via email, send a message with subject or body 'help'
to
> security-team-request@lists.fedoraproject.org
<mailto:security-team-request@lists.fedoraproject.org>
>
> You can reach the person managing the list at
> security-team-owner@lists.fedoraproject.org
<mailto:security-team-owner@lists.fedoraproject.org>
>
> When replying, please edit your Subject line so it is
more specific
> than "Re: Contents of security-team digest..."
>
>
> Today's Topics:
>
> 1. Re: Duplicate bugs or? (Eric H. Christensen)
>
>
>
----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 25 Aug 2014 11:03:19 -0400
> From: "Eric H. Christensen" <sparks@fedoraproject.org
<mailto:sparks@fedoraproject.org>>
> To: Fedora Security Team
<security-team@lists.fedoraproject.org
<mailto:security-team@lists.fedoraproject.org>>
> Subject: Re: Duplicate bugs or?
> Message-ID:
<20140825150319.GB4250@localhost.localdomain>
> Content-Type: text/plain; charset=us-ascii;
x-action=pgp-signed
>
On Sat, Aug 23, 2014 at 10:03:59PM -0400,
David Cafaro wrote:
> Was looking over Torque bugs (I have one I'm working on), and
noticed these two which are fst_owner=Sparks:
Yeah, I had grabbed them as a result of them being EPEL orphans.
> https://bugzilla.redhat.com/show_bug.cgi?id=1098583
> https://bugzilla.redhat.com/show_bug.cgi?id=1098584
> They appear to be duplicates of each other. The both refer
to the same CVE and say they cover EPEL-ALL (yet both list EL6 as
version).
Because of limited functionality in BZ, when a vulnerability
affects all EPEL versions a single ticket is opened (EPEL-ALL) but
the version is the latest version seen (in this case el6).
> Am I missing something or are they duplicates? Or should one
cover EL5?
These do appear to be duplicates. This could have been a script
error. Since these tickets were opened back in May I suspect the
problem has been remedied but I'll verify. Thanks for bringing
this to my attention.
-- Eric
--------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks@fedoraproject.org <mailto:sparks@fedoraproject.org> -
sparks@redhat.com <mailto:sparks@redhat.com>
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
--------------------------------------------------
Mohammed,
First of all, we do not use PGP, we use GnuPG (GPG), which are two
very distinct applications with their own issues.
Secondly, an online signature generation would be a potential
security issue, as keys to generate the signature would have to be
stored online too. Keys should be securely stored on a users
keyring, and that keyring should preferably be stored off a computer
system anyway, for example using a smartcard.
Thirdly, I doubt very much that GnuPG (GPG) would make your system
unbootable, which leads me to an earlier point of, if people gain
access to your computing device, your keys are not safe.
Did somebody exploit your system ? Or did you mess about ?
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore@internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore@fedoraproject.org