Christian PERRIER <[email protected]> (2013-09-23): > Quoting Thiemo Nagel ([email protected]): > > Dear Christian, > > > > I really appreciate your confidence in me... ;-) > > > > BTW: I found this gem in man urandom (emphasis mine): "As a general > > rule, /dev/urandom should be used for everything *except* long-lived > > GPG/SSL/SSH keys." As the md-crypt master key probably is a prime > > example for a long-lived cryptographic key: do you think it would be > > adequate to tag the bug "security" and/or to increase its severity? > > Which (point) release would you like to aim for to resolve the issue? > > > Probably none. I think it's quite unlikely that we go and fix this for > wheezy, and more likely that it's addressed only in jessie.
We could think of fixing it in wheezy, but surely not before it has been exposed to unstable/testing users for a while; meaning not the next point release in any cases. Mraw, KiBi. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
