On 2013-01-02 14:34:58 +0100, Sebastian Ramacher wrote: > On 2013-01-02 12:35:36, Michael Bienia wrote: > > 1: There would be an other option: to undo the change in python-crypto > > which enforces an non-empty IV but it's not a sane option security-wise. > > NACK with my python-crypto maintainer hat on. I'm not opening this can > of worms again. One CVE because of that is already one to much.
I didn't expect that this solution would be acceptable and would be surprised if it would have become the chosen solution (I just listed it for completeness) as it would re-open a bug and mask an other bug in python-keyring instead of fixing it. Michael -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
