Re: holes in secure apt

2014-06-11 Thread Thijs Kinkhorst
Hi Chris, On Thu, June 12, 2014 01:06, Christoph Anton Mitterer wrote: > reopen 749795 > stop A better way would be to add more 'found' versions so the BTS version tracking shows this bug as affecting stable. > Anyone who believed in getting trusted sources might have been attacked > with forged

Re: use of RDRAND in $random_library

2014-06-11 Thread Matthias Urlichs
Hi, Steve Langasek: > Debian should do the right thing, regardless of what upstreams may believe. > I don't trust the hardware random generator. At all. Given what's been revealed about the NSA so far, being extra paranoid about anything we cannot verify to be secure is the right thing to do. Th

Re: use of RDRAND in $random_library

2014-06-11 Thread Josh Triplett
Joey Hess wrote: > Josh Triplett wrote: > > However, just as we encourage projects to reuse libraries rather than > > copying code around, we *should* encourage projects to use standardized > > randomness libraries rather than hardcoding rdrand (or, for that matter, > > hardcoding /dev/urandom). >

Re: holes in secure apt

2014-06-11 Thread Joey Hess
Christoph Anton Mitterer wrote: > reopen 749795 > I'm reopening this for now, even if the issue is solved from a technical > point of view (see below why). AAICS, #749795 talked about bringing this to the security team's attention, but they never seem to have been CCed. So the security team may n

Re: use of RDRAND in $random_library

2014-06-11 Thread Joey Hess
Jacob Appelbaum wrote: > On 6/11/14, Joey Hess wrote: > > I stumbled over a library which has switched to using RDRAND in a new > > upstream version (not yet packaged), instead of /dev/urandom[1]. > > Which library is using it? I didn't want to name names and am more interested in the general que

Re: use of RDRAND in $random_library

2014-06-11 Thread Joey Hess
Josh Triplett wrote: > However, just as we encourage projects to reuse libraries rather than > copying code around, we *should* encourage projects to use standardized > randomness libraries rather than hardcoding rdrand (or, for that matter, > hardcoding /dev/urandom). Performance aside, why is a

Re: Bits from the systemd + GNOME sprint

2014-06-11 Thread Nobuhiro Iwamatsu
Hi, 2014-05-02 8:26 GMT+09:00 Jordi Mallach : > Hi! > > Below is a report from the recently held systemd + GNOME sprint in > Antwerp. Enjoy! > > > > We finally discussed how to tackle Bluez5. Bluez 4 is the current release > available in Debian, which is dead upstream and deprecated since late

Re: use of RDRAND in $random_library

2014-06-11 Thread Steve Langasek
On Wed, Jun 11, 2014 at 03:46:07PM -0700, Josh Triplett wrote: > > Would it make sense to scan for the opcode? > No, let's not propagate this issue outside the kernel. Anyone wishing to > complain about the use of hardware-accelerated randomness should argue that > upstream with projects that ado

holes in secure apt

2014-06-11 Thread Christoph Anton Mitterer
reopen 749795 stop Hi. I'm reopening this for now, even if the issue is solved from a technical point of view (see below why). In my opinion this is really some horrible bug... probably it could have been very easily found by others, and we have no idea whether it was exploited already or not.

Re: use of RDRAND in $random_library

2014-06-11 Thread Jacob Appelbaum
On 6/11/14, Joey Hess wrote: > I stumbled over a library which has switched to using RDRAND in a new > upstream version (not yet packaged), instead of /dev/urandom[1]. Which library is using it? > > I don't have a strong opinion on the security of RDRAND, which is a > contentious topic in a domain

Re: use of RDRAND in $random_library

2014-06-11 Thread Josh Triplett
Joey Hess wrote: > I stumbled over a library which has switched to using RDRAND in a new > upstream version (not yet packaged), instead of /dev/urandom[1]. > > I don't have a strong opinion on the security of RDRAND, which is a > contentious topic in a domain I am not expert in. However, I would muc

use of RDRAND in $random_library

2014-06-11 Thread Joey Hess
I stumbled over a library which has switched to using RDRAND in a new upstream version (not yet packaged), instead of /dev/urandom[1]. I don't have a strong opinion on the security of RDRAND, which is a contentious topic in a domain I am not expert in. However, I would much rather rely on linux deve

Re: Bug#745872: ITP: profanity -- a console based XMPP client

2014-06-11 Thread Andrey Rahmatullin
On Tue, Jun 10, 2014 at 09:32:05PM +0200, Stefano Rossi wrote: > Hello Dariusz and Andrey, > > I'd love to see a Profanity package for Debian. Are you, Dariusz, still > working on it? > I also would like to know, why would the OpenSSL requirement make it > impossible to distribute the binary? Op