Bug#619439: Please do _not_ distribute gnutls-params in the package
Klaus at Ethgen.de
Thu Mar 24 19:52:10 UTC 2011
> Good evening,
The same to you, thanks.
On Thu, 24 Mar 2011 at 19:22, Andreas Metzler wrote:
> > The file /var/spool/exim4/gnutls-params can be found in exim4-base. This
> > file is of security relevance for TLS sessions of exim. So this file
> > must not be shared between different installations and must not be readable
> > by anyone other than exim itself.
> Could you please consult <http://bugs.debian.org/475194> and
> double-check whether you have new info to add?
So let me sum up. You changed that because an anonymous person was
thinking that he (or she) is better than the people who program exim?
I'm not familiar enough with the material to tell whether what he says is true or false, but there
is the recommendation in the manual, and just the word of an anonymous person is
enough to change the settings to a possibly more insecure setting.
But I will go into the cryptographic basics to see if he is right. Until
then I cannot say that it is secure to open that prime material to the
world, and the fact that Debian is trusting an anonymous person more than the
exim people does not raise my trust in that package. Sorry to say.
Klaus Ethgen http://www.ethgen.ch/
pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus at Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B