Everyone ought to change their github passwords

and perhaps all their other passwords just to be on the safe side.

apparently any web service that uses openssl is potentially affected. thats almost the whole internet… I doubt anyone here is a particularly interesting target, but better safe than sorry i guess.

Btw, ssh (keys) are save, if you use public-private key authentification, they can only grab the public key, wich is public anyway.

The server of course, could be compromised, but at least no need to regenerate the private key.