On 26/08/14 14:44, Mohammed umar Sheriff wrote:
> An online version of GNU PGP signature creation will be very helpful. My laptop is not booting since I used GNU PGP.
> On Tue, Aug 26, 2014 at 5:30 PM, <security-team-request@lists.fedoraproject.org> wrote:
>     Today's Topics:
>        1. Re: Duplicate bugs or? (Eric H. Christensen)
>     ----------------------------------------------------------------------
>     Message: 1
>     Date: Mon, 25 Aug 2014 11:03:19 -0400
>     From: "Eric H. Christensen" <sparks@fedoraproject.org>
>     To: Fedora Security Team <security-team@lists.fedoraproject.org>
>     Subject: Re: Duplicate bugs or?
>     Message-ID: <20140825150319.GB4250@localhost.localdomain>
>     Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed

On Sat, Aug 23, 2014 at 10:03:59PM -0400, David Cafaro wrote:
> Was looking over Torque bugs (I have one I'm working on), and noticed these two which are fst_owner=Sparks:

Yeah, I had grabbed them as a result of them being EPEL orphans.

> https://bugzilla.redhat.com/show_bug.cgi?id=1098583

> https://bugzilla.redhat.com/show_bug.cgi?id=1098584

> They appear to be duplicates of each other.  They both refer to the same CVE and say they cover EPEL-ALL (yet both list EL6 as version).

Because of limited functionality in BZ, when a vulnerability affects all EPEL versions a single ticket is opened (EPEL-ALL) but the version is the latest version seen (in this case el6).

> Am I missing something or are they duplicates?  Or should one cover EL5?

These do appear to be duplicates.  This could have been a script error.  Since these tickets were opened back in May I suspect the problem has been remedied but I'll verify.  Thanks for bringing this to my attention.

-- Eric

Eric "Sparks" Christensen
Fedora Project

sparks@fedoraproject.org - sparks@redhat.com
097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1

First of all, we do not use PGP, we use GnuPG (GPG), which are two very distinct applications with their own issues.
Secondly, an online signature generation would be a potential security issue, as keys to generate the signature would have to be stored online too. Keys should be securely stored on a user's keyring, and that keyring should preferably be stored off a computer system anyway, for example using a smartcard.
Thirdly, I doubt very much that GnuPG (GPG) would make your system unbootable, which leads me to an earlier point of, if people gain access to your computing device, your keys are not safe.
Did somebody exploit your system? Or did you mess about?




Tristan Santore BSc MBCS
Network and Infrastructure Operations
Mobile +44-78-55069812

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at: