I think this sounds like a good plan. Sent from a phone
Den fre 6 apr 2018 11:06Brian May <[email protected]> skrev: > Ola Lundqvist <[email protected]> writes: > > > This is what I think we should do. > > > > 1) Send a new DLA telling that the fix is only partial and not complete > and > > in addtion that elgamal encryption is not supported by the library and > > should not be used. > > > > 2) Mark the CVE as no-dsa/ignored in the security database. > > If so, do we update the DLA 1283-1 to remove the fixed status? I assume > we just have to update the entry in security-tracker/data/DLA/list? > > In any case, it seems like a good plan. Unless there are any objections, > I will do this next Monday. > -- > Brian May <[email protected]> >
