[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: openssl-vulnkey and python

On Thu, 27 Aug 2009 15:12:20 +0930
Ron <ron@debian.org> wrote:

> On Wed, Aug 26, 2009 at 08:16:18PM +0100, David Goodenough wrote:
> > Actually it is openssl-blacklist that contains openssl-vulnkey, and
> > in sid openssl depends on that.  And as openssl-vulnkey is written in
> > python it is rather needed.
> $Someone should just rewrite that in a $real language. The gratuitous extra
> dependency on python there is annoying for more than just embedded systems.

Or just decide whether you actually need the blacklist on an embedded
system - what is the benefit of scanning SSH keys on the embedded
device? Scanning for vulnerable keys (by definition old keys) is a
service devised for servers where a lot of people have SSH keys.

The blacklist package is not always necessary. (Indeed, the
openssh-server package isn't exactly necessary on an embedded device
either.) These are two large packages and there is no direct dependency
(AFAICT) that requires the blacklist or server, can you not just use
the client? If a server is needed, can dropbear fill the need?


Neil Williams

Attachment: pgprMO8AzIaOa.pgp
Description: PGP signature

Reply to: