On Thu, 27 Aug 2009 15:12:20 +0930 Ron <ron@debian.org> wrote: > On Wed, Aug 26, 2009 at 08:16:18PM +0100, David Goodenough wrote: > > Actually it is openssl-blacklist that contains openssl-vulnkey, and > > in sid openssl depends on that. And as openssl-vulnkey is written in > > python it is rather needed. > > $Someone should just rewrite that in a $real language. The gratuitous extra > dependency on python there is annoying for more than just embedded systems. Or just decide whether you actually need the blacklist on an embedded system - what is the benefit of scanning SSH keys on the embedded device? Scanning for vulnerable keys (by definition old keys) is a service devised for servers where a lot of people have SSH keys. The blacklist package is not always necessary. (Indeed, the openssh-server package isn't exactly necessary on an embedded device either.) These are two large packages and there is no direct dependency (AFAICT) that requires the blacklist or server, can you not just use the client? If a server is needed, can dropbear fill the need? -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
Attachment:
pgprMO8AzIaOa.pgp
Description: PGP signature