Just because it's not from Debian doesn't mean that it hasn't been tampered with, Eddy. Any "downstream" that has access to the code can do the same thing no matter who they are.
-Kyle H 2008/6/12 Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]>: > Nelson B Bolyard: > > That's certainly not how the NSS team ships certutil. Sounds like another > case of somebody playing with crypto code. Is this another Debian Debacle > in the making? I wonder if the PRNG code in that distro of NSS is intact. > :( > > > Oh Nelson! How many times do I have to tell you that I have NOTHING to do > with Debian? Arrrrg :-) > > As a matter of fact, I found a certutil inside a somewhat forgotten Red > Hat/Fedora Directory Server * installation. It came in quite handy...and > this is the last time I'm telling you: StartCom Linux is what we run > here...it's based on Red Hat Enterprise Linux ;-) > > * That's the one Red Hat bought from Netscape and open sourced... > > Regards > > Signer: Eddy Nigg, StartCom Ltd. > Jabber: [EMAIL PROTECTED] > Blog: Join the Revolution! > Phone: +1.213.341.0390 > > > > > > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
