Can anyone shed some light on what causes the "Vulnerable to CVE-2014-3207” flag to be set in the status page (https://sks-keyservers.net/status/ks-status.php?server=<servername> <https://sks-keyservers.net/status/ks-status.php?server=%3Cservername%3E>) for a server?
Build configuration is sks-1.1.6 from source, nginx 1.15.0 configured as laid out in https://keyserver.mattrude.com/guides/building-server/
After a boot, the key server will show “No” in the CVE field and it appears to be eligible for pool inclusion. After a while, it moves to “Yes” and appears to be ineligible.
I’m trying to understand what changes from just running as the CVE seems to be on the SKS server side.
Thanks for any insight
_______________________________________________ Sks-devel mailing list [hidden email] https://lists.nongnu.org/mailman/listinfo/sks-devel