Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)

Peter Palfrader wrote: > Due to the weakness in our openssl's random number generator (see the > Debian Security Advisory #1571 from a few minutes ago[1]) that affects > among other things ssh keys we have disabled public key auth on all > project systems until further notice. Hi all, if I underst

Re: Results for General Resolution: Altering package upload rules

Debian Project Secretary wrote: > At the end of voting, with 313 Ballots resulting in 260 votes from 257 developers, "General Resolution: Altering package upload rules" has carried the day. Please forgive me if this is a stupid question, but how can there be more votes than voters? Gerardo

RE: glibc and UNACCEPTs

From: Wouter Verhelst,,, [mailto:[EMAIL PROTECTED] > > Is there any sensible reason for ever uploading a package in unstable > > with a higher version than in experimental? If not, such uploads can > > simply be forbidden altogether. > > The documented and preferred way to remove packages from >

Re: glibc and UNACCEPTs

Anthony Towns wrote: > Yesterday, glibc 2.3.999.2-10 was accidently uploaded to unstable instead of experimental [...] Would anyone like to contribute their thoughts, so we can do an "air crash" style failure analysis to work out how we can avoid this class of problem in future, given the safety ne