[02:24]  * hallyn 's eyes glaze over at all of the acronyms
[02:25] <hallyn> but the extra interesting thing is that for suse they've updated it to make exceptions for wtmp and lastlog bc - wonder of wonders - it breaks applications othewrise
[02:26] <hallyn> (https://www.tenable.com/audits/items/DISA_STIG_SLES_15_v1r9.audit:c3ab5c3bf07887659067e3d5a3c784c0)
[02:29] <sarnold> lol
[02:29] <sarnold> i'm *shocked* utterly *shocked* that stomping all over the place without understanding what's happening would have consequences
[02:36] <hallyn> btw https://github.com/shadow-maint/shadow/issues/679 was the reason for my asking
[02:36] -ubottu:#ubuntu-security- Issue 679 in shadow-maint/shadow "Tighten /var/log/ default file permissions from 644 to 640" [Closed]
[02:37] <sarnold> heh, nice
=== chris14_ is now known as chris14
[04:18] <blahdeblah> LOL, nice summary hallyn: https://github.com/shadow-maint/shadow/issues/679#issuecomment-1464284312
[04:18] -ubottu:#ubuntu-security- Issue 679 in shadow-maint/shadow "Tighten /var/log/ default file permissions from 644 to 640" [Closed]
[08:08] <ebarretto> hallyn, they updated that on disa stig v1r7  
[15:33] <bancroft> Hello, sorry this is a reposted question from #ubuntu. I just got a notice that apt-key is deprecated except for apt-key del. How can I get the equivalent of `apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com`? Maybe someone here has a recommended approach that would be secure? 
[15:38]  * sdeziel wishes https://wiki.debian.org/Teams/Apt/Spec/AptSign would replace GPG :)
[17:34] <teward> sdeziel: this assumes they ever completed it - Teams/Apt/Spec/AptSign (last modified 2021-06-22 05:33:13)
[17:34] <teward> so maybe that spec isn't spec
[17:35] <sdeziel> one can always dream ;)
[17:35] <teward> sdeziel: but bancroft does make a good point there's no easy replacement mechanism to refresh keys
[17:35] <teward> though it's not a  -security question on its own it begs a few questions
[17:36]  * teward summons sarnold for evil security things
[17:59] <sarnold> bancroft: there's some advice in https://blog.jak-linux.org/2021/06/20/migrating-away-apt-key/ on various replacement options
[17:59]  * sarnold starts brewing a fresh pot of coffee for teward 
[22:56] <hallyn> lol