An online version of GNU PGP signature creation will be very helpful.My laptop is not booting since i used GNU PGP.
On Tue, Aug 26, 2014 at 5:30 PM, < security-team-request@lists.fedoraproject.org> wrote:
Send security-team mailing list submissions to security-team@lists.fedoraproject.org
To subscribe or unsubscribe via the World Wide Web, visit https://lists.fedoraproject.org/mailman/listinfo/security-team or, via email, send a message with subject or body 'help' to security-team-request@lists.fedoraproject.org
You can reach the person managing the list at security-team-owner@lists.fedoraproject.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of security-team digest..."
Today's Topics:
- Re: Duplicate bugs or? (Eric H. Christensen)
Message: 1 Date: Mon, 25 Aug 2014 11:03:19 -0400 From: "Eric H. Christensen" sparks@fedoraproject.org To: Fedora Security Team security-team@lists.fedoraproject.org Subject: Re: Duplicate bugs or? Message-ID: 20140825150319.GB4250@localhost.localdomain Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On Sat, Aug 23, 2014 at 10:03:59PM -0400, David Cafaro wrote:
Was looking over Torque bugs (I have one I'm working on), and noticed
these two which are fst_owner=Sparks:
Yeah, I had grabbed them as a result of them being EPEL orphans.
https://bugzilla.redhat.com/show_bug.cgi?id=1098583
https://bugzilla.redhat.com/show_bug.cgi?id=1098584
They appear to be duplicates of each other. The both refer to the same
CVE and say they cover EPEL-ALL (yet both list EL6 as version).
Because of limited functionality in BZ, when a vulnerability affects all EPEL versions a single ticket is opened (EPEL-ALL) but the version is the latest version seen (in this case el6).
Am I missing something or are they duplicates? Or should one cover EL5?
These do appear to be duplicates. This could have been a script error. Since these tickets were opened back in May I suspect the problem has been remedied but I'll verify. Thanks for bringing this to my attention.
- -- Eric
Eric "Sparks" Christensen Fedora Project
sparks@fedoraproject.org - sparks@redhat.com 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQGcBAEBCgAGBQJT+1A0AAoJEB/kgVGp2CYvB14MAJf4ooWRtyxwb0P1U998Qg1x 1g40wdWyxUTYUb6D+ypdRoOcpLMwNFxWCf0LB5pWCgT8MzISR0HpgMfgDCgPq382 kwk7o2FOqc0a5RgnXAOdYSxb1bVjgepDOhGwolcqfo2kuTRCjP2/9/ehX43UKtQA 5qENZzqIt9oaIgsKa0yF8keUwFTEtOt9RhLhK/+QH/ZvBGIstPeV9AY76hYKmbZ/ Wr1Ewcvr/gTZsmg90idp2KrNfdSF7s3AtCZc/uraQCn/zZHMzGdrwZcM7KkH7EJ1 G/tMWneAgnFyADWhKp4IjPboPguOamRuAS3nlEsTCv2SGw8VZ+eEF/MQ2/6iPcv3 PwGz6BQU1TjDUolbn5ep/CyO81utiYtGJBdTGXtlUgmdyV02CQca7Ur0hNFQE4GG fO//v4ZZhFWue2FBWozPoC+/LINgBgkusRX8Tz0lEtxeuuvlA9ZXuIO1loit8l5V wmrsg01RTouPxslFu7khnsoP/Zi1uPRL+bqNrbFPbA== =qmtJ -----END PGP SIGNATURE-----
security-team mailing list security-team@lists.fedoraproject.org https://lists.fedoraproject.org/mailman/listinfo/security-team
End of security-team Digest, Vol 2, Issue 24
On 26/08/14 14:44, Mohammed umar Sheriff wrote:
An online version of GNU PGP signature creation will be very helpful.My laptop is not booting since
i used GNU PGP.
On Tue, Aug 26, 2014 at 5:30 PM,
<security-team-request@lists.fedoraproject.org mailto:security-team-request@lists.fedoraproject.org> wrote:
Send security-team mailing list submissions to security-team@lists.fedoraproject.org
mailto:security-team@lists.fedoraproject.org
To subscribe or unsubscribe via the World Wide Web, visit https://lists.fedoraproject.org/mailman/listinfo/security-team or, via email, send a message with subject or body 'help' to security-team-request@lists.fedoraproject.org
mailto:security-team-request@lists.fedoraproject.org
You can reach the person managing the list at security-team-owner@lists.fedoraproject.org
mailto:security-team-owner@lists.fedoraproject.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of security-team digest..." Today's Topics: 1. Re: Duplicate bugs or? (Eric H. Christensen) ---------------------------------------------------------------------- Message: 1 Date: Mon, 25 Aug 2014 11:03:19 -0400 From: "Eric H. Christensen" <sparks@fedoraproject.org
mailto:sparks@fedoraproject.org>
To: Fedora Security Team <security-team@lists.fedoraproject.org
mailto:security-team@lists.fedoraproject.org>
Subject: Re: Duplicate bugs or? Message-ID: <20140825150319.GB4250@localhost.localdomain> Content-Type: text/plain; charset=us-ascii; x-action=pgp-signedOn Sat, Aug 23, 2014 at 10:03:59PM -0400, David Cafaro wrote:
Was looking over Torque bugs (I have one I'm working on), and
noticed these two which are fst_owner=Sparks:
Yeah, I had grabbed them as a result of them being EPEL orphans.
They appear to be duplicates of each other. The both refer to the
same CVE and say they cover EPEL-ALL (yet both list EL6 as version).
Because of limited functionality in BZ, when a vulnerability affects all EPEL versions a single ticket is opened (EPEL-ALL) but the version is the latest version seen (in this case el6).
Am I missing something or are they duplicates? Or should one cover EL5?
These do appear to be duplicates. This could have been a script error. Since these tickets were opened back in May I suspect the problem has been remedied but I'll verify. Thanks for bringing this to my attention.
-- Eric
Eric "Sparks" Christensen Fedora Project
sparks@fedoraproject.org mailto:sparks@fedoraproject.org - sparks@redhat.com mailto:sparks@redhat.com 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
Mohammed,
First of all, we do not use PGP, we use GnuPG (GPG), which are two very distinct applications with their own issues. Secondly, an online signature generation would be a potential security issue, as keys to generate the signature would have to be stored online too. Keys should be securely stored on a users keyring, and that keyring should preferably be stored off a computer system anyway, for example using a smartcard. Thirdly, I doubt very much that GnuPG (GPG) would make your system unbootable, which leads me to an earlier point of, if people gain access to your computing device, your keys are not safe. Did somebody exploit your system ? Or did you mess about ?
Regards,
Tristan
security-team@lists.fedoraproject.org
-
Mohammed umar Sheriff -
Tristan Santore