-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA224
All,
The QuickBuild SSL certificate recently expired. I am fully aware of the situation, however my CA (StartCom) is dragging their feet such that it will likely be several weeks before this can be resolved. The site is still as secure as before; to use QuickBuild in the meantime please ignore the certificate expiration warning.
Thank you for your patience and understanding.
Timothy Pearson Trinity Desktop Project
Now that you are talking about security, it reminds me that few months ago it has been noted on Debian mailing list that Debian maintainers should use 2048 or 4096-bit gpg keys and they consider 1024-bit keys to be bruteforceable. (http://article.gmane.org/gmane.linux.debian.devel.project/22458).
Trinity QuickBuild repository key is only 1024-bit rsa (1024R/2B8638D0). Same for the QuickBuild axis key (1024R/80479E11).
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA224
Now that you are talking about security, it reminds me that few months ago it has been noted on Debian mailing list that Debian maintainers should use 2048 or 4096-bit gpg keys and they consider 1024-bit keys to be bruteforceable. (http://article.gmane.org/gmane.linux.debian.devel.project/22458).
Trinity QuickBuild repository key is only 1024-bit rsa (1024R/2B8638D0). Same for the QuickBuild axis key (1024R/80479E11).
Sounds like an update is in order. I'll try to get this changed shortly; probably in the next QuickBuild maintenance window.
Thanks!
Tim
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA224
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA224
Now that you are talking about security, it reminds me that few months ago it has been noted on Debian mailing list that Debian maintainers should use 2048 or 4096-bit gpg keys and they consider 1024-bit keys to be bruteforceable. (http://article.gmane.org/gmane.linux.debian.devel.project/22458).
Trinity QuickBuild repository key is only 1024-bit rsa (1024R/2B8638D0). Same for the QuickBuild axis key (1024R/80479E11).
Sounds like an update is in order. I'll try to get this changed shortly; probably in the next QuickBuild maintenance window.
Thanks!
Tim -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iFYEARELAAYFAlOT8TQACgkQLaxZSoRZrGHoyQDgm4xeMKg7gM/tsmkD1fR93/ka TFHJZSGPlTTkQwDfQPoBIUDXyvPh5f8kdw/Zz6kvJ8DpdVrt35y3Zg== =iDkZ -----END PGP SIGNATURE-----
Keys have been updated: http://trinity-announce.pearsoncomputing.net/?0::29
New keyring packages will be uploaded shortly.
Tim
-
Jan Janecek -
Timothy Pearson