Quoting Thiemo Nagel ([email protected]): > Dear Christian, > > I really appreciate your confidence in me... ;-) > > BTW: I found this gem in man urandom (emphasis mine): "As a general > rule, /dev/urandom should be used for everything *except* long-lived > GPG/SSL/SSH keys." As the md-crypt master key probably is a prime > example for a long-lived cryptographic key: do you think it would be > adequate to tag the bug "security" and/or to increase its severity? > Which (point) release would you like to aim for to resolve the issue?
Probably none. I think it's quite unlikely that we go and fix this for wheezy, and more likely that it's addressed only in jessie. Sad, but probably realistic..:-)
signature.asc
Description: Digital signature
