[Pkg-openssl-devel] [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Alberto Gonzalez Iniesta
agi at inittab.org
Tue May 20 15:37:49 UTC 2008
On Tue, May 20, 2008 at 04:48:43PM +0200, Christoph Martin wrote:
> Hi Alberto,
>
> Alberto Gonzalez Iniesta wrote:
> > On Mon, May 19, 2008 at 01:13:46PM +0200, Christoph Martin wrote:
> >> The Ubuntu openssl maintainers released an openssl-blacklist equivalent
> >> to the openssh-blacklist package. It includes a blacklist with
> >> compromised openssl key hashes and a program with an openssl-vulnkey
> >> program suitable to test your openssl key files.
> >>
> >> I think it would be a good thing to coordinate the work between Debian
> >> and Ubuntu and to incorporate this package into Debian main.
> >
> > The coordination has already started and the package will be in Debian
> > soon.
>
> I am somewhat irritated. Who is building the package and who is
> coordinating with whom? I am on the
> pkg-openssl-devel at lists.alioth.debian.org list (and one of the
> Maintainers of Debian openssl) and did not get any message about this.
>
> So please coordinate with the Debian openssl maintainers.

The package is being built by its original author (Jamie) and everything
got started when the OpenVPN maintainer (me) decided to add secret/key
file validation like the one on the Ubuntu package. Since those
validations required open(ssl|vpn)-blacklist packages, I contacted
Jamie and Kees from Ubuntu and Debian's Security Team.
--
Alberto Gonzalez Iniesta | Training, consulting and technical support
agi@(inittab.org|debian.org)| for GNU/Linux and free software
Encrypted mail preferred | http://inittab.com
Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3