[email protected] (Trent W. Buck) writes:
> Rick Moen <[email protected]> writes:
>> Kurt Roeckx's good-faith effort to fix OpenSSL RNG spaghetti code[1]
>> was not 'a trapdoor', but rather an unsuccessful effort to polish the
>> turd that is OpenSSL.
>
> See also https://wiki.debian.org/SSLkeys

PS: for this reason, Debian's OpenSSH server has a CRL^W key revocation
list. This is handy -- I blacklist ex-staff's known keys as
defense-in-depth. Except CJ Watson wants to remove the patch, because
(presumably) upstream weren't interested, and (totally understandably)
maintaining distro-specific patches is a horrible thing and should be
avoided where possible. I haven't had time to chat with him about it. :-(

http://lists.debian.org/debian-ssh/2013/09/msg00014.html

_______________________________________________
luv-main mailing list
[email protected]
http://lists.luv.asn.au/listinfo/luv-main
