On Tue, Sep 20, 2016 at 05:57:59PM -0400, Steve Kinney wrote:
search the interwebz for references.
TL;DR
Here are some links of the more important screwups IMHO. Suspect zero or more of (spec) backdoors, social engineering, gross incompetence: https://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000160.html gpg GnuPG's ElGamal signing keys compromised Thu Nov 27 09:29:51 CET 2003 https://www.debian.org/security/2008/dsa-1571 13 May 2008 Debian It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation. [1] http://seclists.org/fulldisclosure/2011/Sep/221 Thu, 22 Sep 2011 Ubuntu Importing trusted apt gpg keys uses "--list-sigs", which doesn't check the signatures. Also trivial keyid collisions. https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128 2012-06-14 Ubuntu Trivial import of trusted apt gpg keys via easy collision of the long keyid (probably spec backdoor). Circumvents the pseudo fix for [1]. https://lwn.net/Articles/22991/ (not crypto), Debian, micq February 18, 2003 Mr. Kuhlmann decided that enough was enough, and he was going to take some action. As of mICQ 0.4.10.1, the code will, when built for the Debian distribution, print out a message which says some unflattering things about Mr. Loschwitz and encourages use of a different version; the program then exits. In other words, when built for Debian, mICQ thumbs its nose at the user and refuses to run. To help ensure that this code got into the official Debian version, it was written in an obfuscated manner, set to trigger only after February 11, and only if it was not being run by Mr. Loschwitz. For the curious, here is a posting containing the code in question.