CAcert System Admins discussion list

[Philipp Gühring <pg AT futureware.at>]

Hi,

> I reported that issue some time ago privately to 
> support AT cacert.org
>  but
> did not get any response or reaction. So I'm reporting it here again and
> hope the responsible persons are taking care about this and revoke this
> certificate _immediately_.
>
> As the subject already says svn.cacert.org is still using a compromised
> ssl key. Compromised in the sense that is one of these bad debian keys.
>
> If you want to verify this just go to http://wiki.debian.org/SSLkeys and
> look for the chksslkey script or take any other tool available to test
> the key against the generated blacklists.

Thanks for the report. A new key has been generated, a new certificate has 
been issued, and the old certificate has been revoked.

Best regards,
Philipp Gühring