Check if your ssh key is safe.

A reminder, because not everyone follows the security announcements of Debian very closely.

Debian has discovered a serious issue with OpenSSL, which means your SSH key can be less secure than you expect.

Details at: http://wiki.debian.org/SSLkeys

What does it mean for KDE? If you use svn+ssh, you need to check whether you are hit by this bug: read the wiki page carefully and take appropriate action.

If you change your key, send the public part of it to sysadmin@kde.org and do not forget to mention your username.

If you are using https to access KDE’s svn, there is no problem as far as I can tell.

5 Comments

  1. This issue was specific to Debian’s builds of openssl. If ktown, svn or other servers allowing user logins were running a vulnerable openssl, that’s a different story. Please enumerate which systems were vulnerable so that users of these systems can make the appropriate adjustments.

  2. Unless the “other distribution” happens to be derived from Debian (such as Ubuntu, which has issued its own security advisory), no (crossing fingers, hoping nobody else copied the broken patch from Debian).

  3. HTTPS would be vulnerable if the keys for SSL were generated on a compromised system (like a Debian server), but then the administrators would have to regenerate their private keys and certificates. In addition, users would need to change their passwords in case theirs were sniffed via the compromised key.

  4. Stefan Majewsky

    Does this also apply to other distributions (I’m using openSUSE)?