Hi,

this email contains several important points. Please read all of it
carefully.

Due to the weakness in our openssl's random number generator (see the
Debian Security Advisory #1571 from a few minutes ago[1]) that affects
among other things ssh keys we have disabled public key auth on all
project systems until further notice.

If you operate a service on debian.org machines that requires key based
auth for instance to transfer stuff between hosts or to push rebuilds
please contact DSA[2] after you verified the keys in question are safe,
or have replaced them. We can enable individual accounts' key based
access.

Export of ssh keys from the LDAP to our machines is currently disabled,
and will be enabled only after we have cleared all ssh keys from the
database and put resonable safeguards in place to prevent people from
uploading bad keys. An announcement will be made on the mailinglist
debian-infrastructure-announce[4] at such time. There is no point
in adding new keys to the ldap right now.